If your company relies on Google Workspace, you must know about the latest cyber threat.
As you know, setting up a new user account in Google Workspace requires email authentication. Hackers uncovered a vulnerability in Google’s protocols that bypassed this authentication process. The vulnerability allowed bad actors to create a Workspace profile by impersonating a company’s domain.
To use most of Google Workspace’s features, including Gmail, users must confirm and validate that they can use the domain name associated with the email address. However, hackers were able to circumvent this requirement by directing the confirmation email to a different account not associated with the domain.
Once the hackers confirmed domain control, they used the fake credentials to log into third-party services and cloud-based apps using the “Sign in with Google” option. Google security leaders noted that accessing these third-party services was the hacker’s primary goal with the attacks. They didn’t intend to steal information or abuse Google services like Docs or Sheets.
According to Google, security teams addressed the vulnerability within 72 hours and added additional protections to prevent further breaches. They also reported that the breach only affected a small number of accounts, a few thousand at most.
Still, this threat underscores the need to fully secure your Google Workspace and take steps to prevent hackers from having the ability to impersonate your company or team members to steal critical data.
Keep Your Google Workspace Safe
Although Google Workspace includes many security features, you may need to enable some to ensure maximum protection.
One of the settings you need to configure is the API controls. You can find these under Security > Access and Data Controls. Enabling these controls allows you to determine what information third-party applications can access without specific permission.
Setting strict controls on which applications can access which information is critical to ensuring that potentially risky apps don’t have any access to sensitive information. The simplest way to do this is to configure Google Workspace security to allow “Sign in with Google” for apps that only require basic information like the username and email address. If the app needs additional, deeper organizational information, users won’t be able to access it this way without special permission.
It’s important to recognize that taking this approach means configuring some of the most commonly used apps, like Slack, to allow deeper access and creating a list of allowed apps. While these settings may not keep a hacker from accessing sensitive information if they sign in to an approved app like Dropbox, they may help mitigate some damage.
Staying alert to sign-ins on third-party apps and investigating any unusual activity can also help keep bad actors from getting too deep into your Google Workspace and compromising security.
