Remote workers bombarded with 65,000 Google-branded cyber-attacks in first four months of 2020

Google-branded sites such as storage.googleapis.com, docs.google.com, storage.cloud.google.com, and drive.google.com have been increasingly used to trick victims into sharing login credentials, according to new insight from Barracuda Networks

LONDON, 28th May 2020 – Remote workers have been targeted by up to 65,000 Google-brand impersonation attacks, according to the most recent ‘Threat Spotlight’ report from Barracuda Networks. This type of spear phishing scam uses branded sites to trick victims into sharing login credentials.

Of the nearly 100,000 form-based attacks Barracuda detected between January 1, 2020, and April 30, 2020, Google file sharing and storage websites were used in 65 per cent of attacks. This includes storage.googleapis.com (25 per cent), docs.google.com (23 per cent), storage.cloud.google.com (13 per cent), and drive.google.com (4 per cent).

In comparison, Microsoft brands were targeted in 13 percent of attacks: onedrive.live.com (6 per cent), sway.office.com (4 per cent, and forms.office.com (3 per cent). The other sites impersonated include sendgrid.net (10 per cent), mailchimp.com (4 per cent), and formcrafts.com (2%). All other sites made up 6 percent of form-based attacks.

Barracuda researchers observed that Google-brand impersonation attacks have made up 4 per cent of all spear phishing attacks in the first four months of 2020, and they expect to see this number climb, as cybercriminals have success harvesting credentials.

Steve Peake, UK Systems Engineer Manager, Barracuda Networks comments:

“Brand-impersonation spear phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams. The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.

“Fortunately, there are ways to protect oneself against these cyber, such as implementing multi-factor authentication steps on all log-in pages so that hackers will require more than just a password to gain access to your data. Other, more sophisticated methods of cyber protection include using email security software, such as API based inbox defence, which uses artificial intelligence to detect and block attacks.”

Website | + posts

Unlocking Cloud Secrets and How to Stay Ahead in Tech with James Moore

Newsletter

Related articles

Driving the Future of Connectivity with Data Centres

As an astonishing matter of fact, there are 5.3 billion people...

Willow’s Breakthroughs in Quantum Stability

The Start of a New Era Have you heard the...

Cloud Computing Demands Robust Security Solutions

Modern organisations are increasingly reliant on cloud computing to...

Unlocking the future of manufacturing; AIOps network optimisation

Global manufacturing activity has failed to show signs of...

Why is the hybrid cloud the future of computing?

Have you ever wondered how companies can benefit from...