Sharing Files Or Malware? Why Users Must Stay Vigilant Even When Collaborating

IT researchers have discovered a flaw in Google Drive's "manage files" feature that can open the door to malware infection.

According to one system administrator, a hacker could "update" a file to a newer version that contains a malicious program. The Google Drive system apparently does not verify that the updated version contains the same file type or extension. The unsuspecting user, thinking he or she is grabbing an update to an existing document, is actually installing malware onto their computer.

Although this type of attack can only target those workers who routinely share documents on Google Drive, those numbers are steadily increasing as more people are working remotely.

Researchers have informed Google about this flaw, but no patch has yet been released. Users can protect themselves by using antivirus software and remaining cautious when retrieving updated files on Google drive, particularly when they are not expected. Jon Fingas "Google Drive flaw may let attackers fool you into installing malware" www.engadget.com (Aug. 22, 2020).

Commentary

Engadget.com updated the above article on August 25 with a response from Google about the apparent flaw. The software giant stated it regularly scan files for viruses and malware before a user can download them into the file storage system, and that hackers cannot avoid this file scan by modifying file attributes. They also maintain that Google Chrome will alert users to known malware even if it comes from Google Drive.

Although this response is reassuring, users cannot ignore the constant threat of phishing. Phishing emails continue to be the most common method of malware infection. As mentioned above, antivirus software is a valuable way to decrease infection risk but cannot replace a user’s continual vigilance in recognizing suspicious emails and files.

Always be wary of an unexpected email even if it looks to have been sent by a coworker or superior in collaboration with a project. In addition, do not hesitate to notify your IT department when you receive a suspect email. Your prompt action to communicate potential threats may prevent someone else from falling for a similar deception.

Finally, your opinion is important to us. Please complete the opinion survey:

News

Credential Stuffing: A Singular Reason Why You Need To Have Different Passwords For Your Accounts

The FBI warns businesses of the growing threat of compromised login credentials. User password behavior is a big part of the cause. We examine. Read More

Is Having A "Gold Image" The Key To Defeating Ransomware?

A hospital employer says a cyberattack led to the death of a patient. Read how quality backups keep clients safe and allow you to say "no" to paying cybercriminals. Read More

Cybersecurity Training Remains Important Even In Lockdowns

Minimizing administrator privileges and conducting annual training are two ways to keep data safe. Learn more. Read More