Kamfanin software na Cybersecurity Check Point ya gano wani sabon zamba na Google Docs mai cike da damuwa wanda ke ƙetare matakan ganowa na yau da kullun don shiga kai tsaye cikin akwatunan saƙon waɗanda abin ya shafa.
Masu binciken suna magana akan zamba a matsayin juyin halitta na BEC (daidaitawar imel na kasuwanci) 3.0, ko kuma wanda ke amfani da halaltattun shafuka don samun damar shiga akwatin saƙo na manufa.
Tare da kamfanoni da yawa yanzu suna son Google Workspace's software na ofishin , yuwuwar zamba na isa ga ma'aikata a cikin damuwa musamman.
Google Drive zamba
Manazarta sun ce duk wani mai yin barazana da ya kamata ya yi shi ne ƙirƙirar Google Doc. A cikin fayil ɗin, za su iya sanya kowane irin harin da suke so, gami da hanyoyin haɗin yanar gizo da URLs waɗanda ke turawa zuwa malware.
Daga can, Doc ɗin yana buƙatar kawai a raba shi tare da wanda aka azabtar ta hanyar tsarin raba Google Drive na yau da kullun. Saboda imel ɗin ya zo ta hanyar adireshin imel na gaskiya na Google da yanki, kuma ba na ɗan damfara ba, waɗanda abin ya shafa ba sa iya gane shi a matsayin harin.
Bugu da ƙari, ganowa da kayan aikin rigakafin su ma sun fi amincewa da imel daga ayyuka na gaske kamar Google.
Check Point ya ce irin wannan harin na BEC yana amfani da nau'i na injiniyan zamantakewa, yana ba da sabis na amintaccen mai ba da sabis (a cikin wannan yanayin, Google) da tsarin amintaccen tsari (raba takardu).
An sanar da Google game da binciken ne a farkon watan Yuli, amma kamfanin bai amsa bukatar mu nan take ba na musayar karin bayanai game da yadda yake kare masu amfani da shi daga ci gaba da kai hare-hare irin wannan.
A halin yanzu, CheckPoint yana ba ƙwararrun tsaro shawara don aiwatar da sabbin matakai da ci gaba waɗanda ke amfani da bayanan ɗan adam don gano alamun phishing da yawa. Software na duba fayil shima kyakkyawan ra'ayi ne, kamar yadda yake kare URL.