The American Genius

Russian hackers are at it again, this time on Google Drive

The hackers behind the infamous SolarWinds breach of 2020 appear to be at it again, this time using Google Drive to both hide and deliver malware, reports TechCrunch.

The Russian Foreign Intelligence Service hacking branch, also known as APT29, appears to have used Google Drive to deliver malware to “diplomatic missions and foreign embassies in Portugal and Brazil.” While APT29 has reportedly used Dropbox for “command and control infrastructure” purposes in at least one notable campaign, this weaponization of Drive seems to be an escalation of the prior cloud storage usage.

Palo Alto Networks’ Unit 42, a threat intelligence group, suggests that this usage of cloud storage will make tracking APT29’s movements and operations extremely difficult, especially when combined with encryption.

This is concerning for a lot of reasons, a major one being the recent rise in malicious activity from Russia. Both Google’s Threat Analysis Group and the EU foreign service have reported increases in Russian hacking activity in various contexts, including an app targeting Ukrainians and malicious activity across Europe.

With this increase in malicious activity, anyone associated with or in charge of a possible target should be taking significant steps to shore up their cybersecurity protocols.

David Wolpoff, a cybersecurity expert and CTO of Randori, posits that the most important mindset doesn’t involve establishing certainty that you or your network are never compromised; it’s ensuring that, when your network is inevitably compromised, the hack is ultimately unsuccessful in its primary goal.

“The way I judge these events is not by whether someone is hacked, but by how much effort the adversary needed to expend to turn a compromise into a meaningful breach,” says Wolpoff.

“These breaches are reminders that nobody is immune to risk or being hacked…every company is subject to the same reality: Compromise is inevitable.”

Google Drive is ubiquitous enough that one can expect to see this tactic used à la SolarWinds sooner or later, with the former more likely than not. As Wolpoff suggests, working to minimize the amount of damage attackers can do while brushing up on security literacy across your workplace is the best use of your time for now.

Jack Lloyd has a BA in Creative Writing from Forest Grove's Pacific University; he spends his writing days using his degree to pursue semicolons, freelance writing and editing, Oxford commas, and enough coffee to kill a bear. His infatuation with rain is matched only by his dry sense of humor.
