What are Continuing Cybersecurity Threats?
Cybersecurity vulnerabilities in Google and Microsoft products are addressed quickly after they are discovered, but in the cases of the following vulnerabilities, cyberattackers have continued to find ways to carry out their attacks. Being aware of these continued threats will help you to protect yourself from cyberattacks by employing the recommended prevention strategies and recognizing when you see suspicious activity on your network, in your email, or in text messages.
Google Docs Comments
Google Docs is a popular productivity tools where users can create and edit text documents right in their web browsers, without needing to download any software. Google Docs are popular for collaborative work, as multiple people can work on a document at the same time, seeing people’s changes as they make them, and all changes are saved automatically. Unfortunately, Google Docs is not safe from cybercriminals.
Cyberattackers have been targeting the comment features in Google Docs. In these cyberattacks, the cyberattacker adds a comment to a Google Doc that mentions the target with an “@”.2 This action triggers an email, from Google, that includes the full comment, including the malicious link and text. Since the email address isn’t shown, only the cyberattacker’s display name, this makes it easier to trick an unwitting victim into clicking on the link. This cyberattack is effective because emails from Google are on most whitelists, and are trusted by most users. Additionally, anti-spam filters also fail to protect against this cyberattack, because the email address of the cyberattacker is not displayed, only their display name. This cyberattack can be prevented by avoiding clicking on links in emails and hovering over other links before clicking on them, to be sure that the link is sending them to the expected destination.
Intel Driver Vulnerability
Cyberattackers have been exploiting an old vulnerability in Intel drivers that allows them to bypass cybersecurity protections and gain access to networks.1 The cybercrime outfit responsible for this cyberattack takes particular interest in telecoms and business outsourcing sectors, with a main objective of gaining access to mobile carrier networks. This cyberattack often begins via SMS phishing attacks that steal usernames and passwords, and sometimes this allows them to acquire additional credentials. Once inside the network, the cybercriminals are able to use a technique that allows them steal certificates or self-sign their own certificates, allowing them to bypass the mechanisms aimed at preventing unsigned kernel-mode drivers to be installed. They then install their own drivers on systems to disable security products and hide their network activities. This cyberattack can be prevented by ensuring that the old security patch is applied and, possibly, by blocking drivers, though Microsoft warns that blocking drivers can lead to malfunctions.
1 Palmer, 2023, “Hackers are using this old trick to dodge security protections”
2 Greig, 2022, “Hackers are sending malicious links through Google Doc comment emails”