Bitdefender presented the results of research describing a flaw in Google Credential Provider for Window (GCPW) and the new attack techniques which, exploiting Google Workspaceallow you to go from breaching a single endpoint to breaching your entire network to execute ransomware attacks or exfiltrate data.
How a hacker attack on Google Workspace works
It is important to underline that these flaws of Google Workspace, combined with attack methods, they can only be exploited after the local computer has been compromised with other threats.
After informing Google, the latter confirmed that while the attack methods are valid they do not fit into their specific threat model and, therefore, protection must be provided by other security controls, such as EDR (Endpoint Detection and Response) e XDR (Extended Detection and Response).
The attack methods allow the potential cyber criminals to move laterally towards other cloned machines with GCPW installedand gain access to the cloud platform with customized permissions or decrypt locally stored passwords to continue the attack outside the Google ecosystem.
Bitdefender’s advice against the hacker attack on Google Workspace
Bitdefender encourages companies using Google Workspace or Google Cloud Platform to consider i potential risks.
Bitdefender Threat Debrief, the evolution of ransomware threats
Bitdefender begins its Threat Debrief with a particular focus on the conflict in Ukraine. In fact he decided to provide free consultancy together with National Cyber Security Directorate (DNSC) from the Romaniato all private citizens in Ukraine.
The conflict situation remains complex, with many DDoS attacks and some attacks wiper malware. But at the moment Bitdefender does not report breaches in industrial control systems like those that blocked power supplies in Ukraine in 2015 and 2016.
Bitdefender also analyzed February 2022 ransomware threats, using static anti-malware engines. According to the data, opportunistic groups and “Ransomare-as-a-service” there are many more than hackers looking for specific targets.