You must be aware of the latest cyber threats if your company uses Google Workspace.
You may already be aware that setting up a Google Workspace account requires an email authentication. Hackers discovered a vulnerability within Google's protocol that allowed them to bypass this authentication process. This vulnerability allowed malicious actors to create Workspace profiles by impersonating the domain of a company.
Users must validate and confirm that they are allowed to use the domain associated with their email address before using most Google Workspace features. Hackers were able, however, to bypass this requirement by sending the confirmation email to an account that was not associated with the domain.
After confirming domain control, the hackers used fake credentials to sign into cloud-based services and third-party apps using “Sign in With Google”. Google's security experts noted that the hackers' primary goal was to access these third-party apps and services. The hackers didn't want to steal data or abuse Google products like Docs and Sheets.
Google's security teams fixed the vulnerability in 72 hours, and added extra protections to stop further breaches. The breach affected only a small number, at most a few thousands of accounts.
This threat still highlights the need to secure your Google Workspace.
Keep your Google Workspace Secure
Google Workspace has many security features. However, some may require activation to provide maximum protection.
API controls is one of the settings that you will need to configure. These controls can be found under Security > Access and Data Controls. By enabling these controls, you can determine which information third-party apps are allowed to access without explicit permission.
It is important to set strict controls over which apps can access sensitive information. This will ensure that risky applications do not have access. This can be done by configuring Google Workspace Security to allow users to “Sign in with Google”, for apps that require only basic information such as the user name and email address. Users won't have access to the app if it requires deeper organizational data.
This approach involves configuring the most popular apps like Slack to allow deeper access, and creating a listing of approved apps. These settings will not prevent hackers from accessing sensitive data if they use an app that is approved, such as Dropbox. However, they can help to mitigate damage.
By being aware of sign-ins to third-party applications and investigating any suspicious activity, you can prevent bad actors from gaining access to your Google Workspace.