Dive Brief:
- In response to May's phishing attack on Google Drive, Google has added a new layer of protection to prevent automated plugins from accessing personal information, according to the G Suite Developers Blog.
- The phishing attack involved an invitation to edit a Google Doc. When a Drive user granted access to the disguised yet invasive app, the plugin accessed the user's contact list to keep spreading itself. Google announced that the attack hit only 0.1% of Drive users, but that equates to about one million people, according to The Verge.
- The anti-phishing tool Google rolled out today is an "unverified app" warning that displays on a user's screen, before they grant access to their Google Drive or Gmail, to alert them that the plugin has not been verified and therefore may not be safe.
Dive Insight:
Most cyberattacks, whether in an enterprise or a consumer's home, are a result of human error. Phishing schemes such as this one prey on vulnerabilities and perhaps overly trusting users. Gannett Co.'s HR department was recently phished in a scheme to get it to disclose employee data by requesting false W-2 forms.
OurMine, a so-far successful third-party hacker group, can unlock user information through various outlets. The group has claimed the hacking of Google CEO Sundar Pichai's personal Twitter and Quora accounts, as reported by Wired. An anonymous representative from OurMine told Wired that its hackers' only purpose is to expose the disconnect between privacy and security and that "nobody is safe", hence the targeting of big names like Pichai and Mark Zuckerberg.
In the case of Google, the plugin was sent by an unidentified third party. Google's implementation of another layer of automated protection through its "unverified app" warning shows its willingness to stay on top of security issues. Companies are more aware than ever of cybersecurity risks, and those unwilling to raise safety precautions face scrutiny and potential legal ramifications for data breaches. Google intends to use the new verification feature on existing and future apps.