Wednesday, May 10, 2017


CYBR650

Week 9



OAuth Rules Are Strengthened By Google To Combat Phishing Attacks

Gmail users were attacked during the week of May 1, 2017. Google blocks millions of phishing attacks each day, but the latest incident showed Google's system isn't foolproof. The attack successfully tricked Gmail users into granting access to their contacts to a fake third-party tool called "Google Docs". Once the attacker was successful, they were able to resend the phishing attack to everyone in the victim's contact list. The phishing email seemed to come from a trusted person and claimed to have a document the sender wanted to share via a link to Google Docs.

Google was able to spot the attack and block it fairly quickly, but because the attacker used OAuth, the victim could not protect themselves even by changing their password: the OAuth grant stays valid regardless of the password. The only countermeasure was to remove the offending app's permissions from the account. Google stated, "We're committed to keeping your Google Account safe, and have layers of defense in place to guard against sophisticated attacks of all types, from anti-hijacking systems detecting unusual behavior, to machine learning models that block malicious content, to protection measures in Chrome and through Safe Browsing that guard against visiting suspicious sites" (Arghire, 2017).

Google has announced it is updating its policies on OAuth applications to help prevent this type of attack from happening in the future. They are also updating their anti-spam system and increasing their monitoring of suspicious sites. According to Google, "less than 0.1% of Gmail users were impacted by last week's 'Google Docs' incident, but, as Talos' Sean Baird and Nick Biasini point out, this proof-of-concept did reveal that a convincing Google phish via OAuth is possible" (Arghire, 2017).
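The two defensive points above, that a password change does not invalidate an OAuth grant and that only revoking the app does, and that an app name impersonating a first-party product should be screened before it is allowed to request consent, can be seen in a toy model. The code below is an added example written for this post; it is not Google's code and does not use Google's API. The `AuthorizationServer` class, its token format, the `PROTECTED_NAMES` list and the similarity threshold are all constructed assumptions for illustration.

```python
"""Toy OAuth authorization server (constructed example, not a real provider).

Shows two things a defender cares about after an OAuth consent phish:
  1. an access token issued to an app survives a password change and only
     dies when the user revokes that app's grant;
  2. a crude lookalike check that flags third-party app names which
     impersonate first-party products before consent is ever shown.
"""
from dataclasses import dataclass
from difflib import SequenceMatcher
import re
import secrets


@dataclass
class Grant:
    """One user's consent to one app for a set of scopes."""
    app_id: str
    user: str
    scopes: frozenset
    token: str
    revoked: bool = False


class AuthorizationServer:
    """Minimal stand-in for an OAuth provider; passwords and tokens are kept
    in memory and tokens are random opaque strings (assumed design)."""

    def __init__(self):
        self._passwords = {}   # user -> password (plaintext only for the toy)
        self._grants = {}      # token -> Grant

    def register_user(self, user, password):
        self._passwords[user] = password

    def login(self, user, password):
        """Password login: the only path a password change actually affects."""
        return self._passwords.get(user) == password

    def authorize(self, user, app_id, scopes):
        """User clicks 'Allow' on the consent screen; an opaque token is minted."""
        token = secrets.token_urlsafe(16)
        self._grants[token] = Grant(app_id, user, frozenset(scopes), token)
        return token

    def resource_access(self, token, scope):
        """Resource server check: token known, not revoked, scope granted."""
        grant = self._grants.get(token)
        return grant is not None and not grant.revoked and scope in grant.scopes

    def change_password(self, user, new_password):
        """Rotating the password touches nothing in the grant table."""
        self._passwords[user] = new_password

    def revoke_app(self, user, app_id):
        """Remove an app's permissions; returns how many grants were killed."""
        killed = 0
        for grant in self._grants.values():
            if grant.user == user and grant.app_id == app_id and not grant.revoked:
                grant.revoked = True
                killed += 1
        return killed


# First-party product names a third-party app must not imitate (assumed list).
PROTECTED_NAMES = ("google docs", "google drive", "gmail")


def _normalize(name):
    """Lower-case and drop punctuation so "Google Doc's" compares as "google docs"."""
    return re.sub(r"[^a-z0-9 ]", "", name.lower()).strip()


def is_lookalike_app_name(name, threshold=0.8):
    """True if the app name is close enough to a protected name to be
    mistaken for it; the threshold is an assumed tuning value."""
    candidate = _normalize(name)
    return any(
        SequenceMatcher(None, candidate, protected).ratio() >= threshold
        for protected in PROTECTED_NAMES
    )


def walkthrough():
    """Replays the incident's mechanics and returns the observations."""
    srv = AuthorizationServer()
    srv.register_user("victim", "hunter2")
    # Consent phish succeeds: the app gets a contacts.read token.
    token = srv.authorize("victim", "app-lookalike", {"contacts.read"})
    before = srv.resource_access(token, "contacts.read")
    srv.change_password("victim", "correct horse battery staple")
    after_pw_change = srv.resource_access(token, "contacts.read")
    srv.revoke_app("victim", "app-lookalike")
    after_revoke = srv.resource_access(token, "contacts.read")
    return {"before": before, "after_pw_change": after_pw_change,
            "after_revoke": after_revoke}


if __name__ == "__main__":
    print(walkthrough())
    print(is_lookalike_app_name("Google Doc's"), is_lookalike_app_name("Acme Expense Tracker"))
```

The point of `walkthrough()` is the middle value: access is still allowed after the password change and only fails after `revoke_app`. The name check is deliberately crude; a real consent policy would also look at homoglyphs and the app's verified publisher, which this model does not attempt.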

References
Arghire, I. (2017, May 09). Google Tightens OAuth Rules to Combat Phishing. Retrieved from Security Week: http://www.securityweek.com/google-tightens-oauth-rules-combat-phishing
