When it comes to cloud storage, be it saving personal information, confidential company details or sensitive data, people rely heavily on Google Drive.
Like other service providers, Google keeps adding features to remain relevant and improve the user experience, and one of them is the "manage versions" feature in Google Drive.
This feature allows users to upload and manage various files. The core objective is to allow users to replace old versions of any documents or files with new ones.
However, the biggest loophole in this functionality, one that gives hackers a wide path to steal data and compromise systems, is a "file extension flaw".
The file extension should remain the same when an uploaded file is replaced with its new or "updated" version; however, that is not the case with Google Drive. The file extension can be changed, and as a result, people with ill intentions can launch "whale attacks" (a phishing tactic generally used by criminals to steal confidential information of various companies and corporate houses under the guise of their senior management). Such an attack allows them to obtain access to companies' systems for illegal and criminal activities. Unfortunately, even Google Chrome allows these files to be downloaded if they are routed via Google Drive.
This way, attackers manage to distribute malicious files in the guise of legitimate documents or images.
A. Nikoci, a system administrator who reported this flaw to Google, says, "Google lets you change the file version without checking if it's the same type. They did not even force the same extension."
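The check described as missing in the quote above can be sketched as follows. This is an added example, not Google's code or anything from the original report; the function names, the small magic-number table and the sample inputs are all assumptions made for illustration.

```python
import os

# Leading bytes ("magic numbers") for a few common formats (illustrative subset).
MAGIC = {
    b"%PDF-": {".pdf"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".pptx"},
    b"MZ": {".exe", ".dll"},
}

def sniff_extensions(head: bytes) -> set:
    """Return the extensions consistent with the file's leading bytes."""
    for magic, exts in MAGIC.items():
        if head.startswith(magic):
            return exts
    return set()  # format not in the table: nothing to compare against

def check_new_version(current_name: str, new_name: str, new_head: bytes) -> list:
    """Return reasons to reject a replacement version (empty list = accept).

    Hypothetical policy: a new version must keep the stored file's extension,
    and its content must match that extension when the format is recognised.
    """
    problems = []
    cur_ext = os.path.splitext(current_name)[1].lower()
    new_ext = os.path.splitext(new_name)[1].lower()
    if new_ext != cur_ext:
        problems.append(f"extension changed from {cur_ext!r} to {new_ext!r}")
    sniffed = sniff_extensions(new_head)
    if sniffed and cur_ext not in sniffed:
        problems.append(f"content looks like {sorted(sniffed)}, not {cur_ext!r}")
    return problems

if __name__ == "__main__":
    # Constructed samples: (stored name, uploaded name, first bytes of upload)
    samples = [
        ("report.pdf", "report.pdf", b"%PDF-1.7\n"),   # genuine update
        ("report.pdf", "report.exe", b"MZ\x90\x00"),   # extension and type swapped
        ("report.pdf", "report.pdf", b"MZ\x90\x00"),   # name kept, type swapped
    ]
    for stored, uploaded, head in samples:
        print(stored, "<-", uploaded, check_new_version(stored, uploaded, head) or "ok")
```

The third sample shows why comparing names alone is not enough: the extension is unchanged, but the content type is not the one the stored file had.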
Zscaler, Check Point Research and Cofense have recently highlighted many campaigns in which cyber attackers used emails to embed malware on Google Drive and Dropbox. The attackers also host various phishing pages exploiting these cloud storage companies.
When it comes to your data security, you can’t merely rely on your service providers. You have to be diligent, aware, and cautious. We, at ISOEH, provide a bevy of guidance, updates, courses on cyber security, and data protection. Find our cyber security course list here.