Alert Issued for Millions of Google Gmail and Calendar Users Regarding Potential Cyber Threats
Update, Dec. 18, 2024: This piece, first published Dec. 17, now includes a fresh warning from Check Point researchers about an ongoing threat that's attacking Google users via Calendar, Drawings, Gmail, and Forms.
Attacks on Google applications, particularly Gmail and Calendar, are a regular concern in the news for good reason: they are favorite targets for cybercriminals and hackers. What are the latest threats to keep an eye on, and how can you best safeguard against them? The most recent threat, as reported by Check Point security experts, utilizes a combination of Google Calendar, Drawings, Forms, and Gmail in its attack strategy. Here's everything you need to know to remain secure.
Check Point Researchers Warn of New Ongoing Calendar Attacks
Check Point has recently published a study on a new Google Calendar notification attack that is bypassing email security protocols. These attackers intend to use the newly discovered attack methods, according to Check Point, with over 2,300 attacks occurring in a two-week stretch, as reported by Check Point. This might not seem significant, given that Google Calendar is used by 500 million people in 41 countries. However, each attack must begin somewhere, and this should not be grounds for underestimating the tactics used by these cybercriminals. “Cyber criminals are altering sender headers,” Check Point researchers remarked, “making emails appear to be sent via Google Calendar by a reputable individual.” At least 300 brands have been impersonated by the attackers as part of their effort to "phish" their victims.
Initially, these attacks exploited the user-friendly features of Google Calendar to link to malicious Google Forms. However, the researchers reported that "after observing that security products could flag malicious Calendar invitations," the attackers adapted their methodology to "match the capabilities of Google Drawings." Once the form or drawing endpoint is reached, another link is presented, often a fake reCAPTCHA or support button. The ultimate objective remains the same: payment fraud.
Protecting Yourself Against Google Calendar Cyber Attacks
A recent alert from Stu Sjouwerman, CEO and founder of human risk management specialists KnowBe4, warns of an ongoing campaign targeting Google users through the misuse of Google Calendar invites. “Attackers only need your Gmail address to send you an invite,” Sjouwerman said, “and the event will be added to your calendar by default.” This is not the first time that such methods have been employed by cybercriminals. In fact, I have written about the misuse of Google Calendar invites at Our Website.com for several years now. However, it is always a good idea to stay up-to-date on the latest threat tactics, as recommended by Sjouwerman.
Mitigating these attacks is straightforward, according to Sjouwerman. Head to the Google Calendar settings and the event settings, then switch the automatic invitation acceptance option to only show invitations to which you have responded. Step two involves going to the events from Gmail setting and unchecking the option to automatically add events from Gmail to your calendar. Although this will disable automatic invites for both genuine and malicious invitations, it will impact functionality. It is once again the tried-and-true trade-off between usability and security.
The generic calendar spam in the recent campaigns may be annoying, but it serves as phishbait, Sjouwerman warned. “It's easy to imagine how this technique could be used in more targeted and sophisticated attacks,” he cautioned.
Google advises users with an eligible Google Workspace subscription to use email verification for appointment schedules to prevent unwanted appointments. “You can ask guests to verify their email address before they schedule an appointment in Google Calendar,” Google said, “This is only necessary for users who are not signed in to a Google Account.” More information about Google Calendar privacy options can be found here.
“We recommend users enable the known senders setting in Google Calendar,” a Google spokesperson said, “This setting helps to defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not communicated with via email address in the past.”
Similar warnings have recently been issued about ClickFix attackers using fake Google Meet pages, so it's important to remain aware of the growing interactive meetings attack surface.
- Despite utilizing email security protocols, cybercriminals have discovered a way to bypass them through Google Calendar notifications, as recently reported by Check Point security experts.
- To safeguard against these attacks, users can adjust their Google Calendar settings to only accept invitations they have responded to and disable automatic event additions from Gmail.
- As warned by Stu Sjouwerman, CEO of KnowBe4, attackers can send malicious Google Calendar invites to your Gmail address, which will be automatically added to your calendar by default.
- Google recommends enabling the known senders setting in Google Calendar to receive alerts for invitations from individuals not in your contact list or with whom you have not communicated via email.
