Sharing Files Or Malware? Why Users Must Stay Vigilant Even When Collaborating

IT researchers have discovered a flaw in Google Drive's "manage files" feature that can open the door to malware infection.

According to one system administrator, a hacker could "update" a file to a newer version that contains a malicious program. The Google Drive system apparently does not verify that the updated version contains the same file type or extension. The unsuspecting user, thinking he or she is grabbing an update to an existing document, is actually installing malware onto their computer.

Although this type of attack can only target those workers who routinely share documents on Google Drive, those numbers are steadily increasing as more people are working remotely.

Researchers have informed Google about this flaw, but no patch has yet been released. Users can protect themselves by using antivirus software and remaining cautious when retrieving updated files on Google drive, particularly when they are not expected. Jon Fingas "Google Drive flaw may let attackers fool you into installing malware" www.engadget.com (Aug. 22, 2020).

Commentary

Engadget.com updated the above article on August 25 with a response from Google about the apparent flaw. The software giant stated it regularly scan files for viruses and malware before a user can download them into the file storage system, and that hackers cannot avoid this file scan by modifying file attributes. They also maintain that Google Chrome will alert users to known malware even if it comes from Google Drive.

Although this response is reassuring, users cannot ignore the constant threat of phishing. Phishing emails continue to be the most common method of malware infection. As mentioned above, antivirus software is a valuable way to decrease infection risk but cannot replace a user’s continual vigilance in recognizing suspicious emails and files.

Always be wary of an unexpected email even if it looks to have been sent by a coworker or superior in collaboration with a project. In addition, do not hesitate to notify your IT department when you receive a suspect email. Your prompt action to communicate potential threats may prevent someone else from falling for a similar deception.

Finally, your opinion is important to us. Please complete the opinion survey:

News

5G Networks Pose New Cyber Risks: What Steps Can Organizations Take To Lower The Threat?

5G networks are more vulnerable to cyberattacks, meaning organizations that use them must take additional precautions. We examine. Read More

Sharing Files Or Malware? Why Users Must Stay Vigilant Even When Collaborating

Systems experts think they may have found a flaw in Google Drive's file storage system that would allow hackers to download malware. Read how to avoid infection. Read More

Does Your Website Need To Be GDPR Compliant?

Organizations must make sure their data collection practices adhere, if required, to the E.U. guidelines. We examine. Read More