Google has fixed the bug affecting Gmail and G Suite that was discovered by the security researcher Allison Husain. The bug allowed attackers to send spoofed emails to other Google users and enterprise customers. Husain stated, “Both Gmail’s and any G Suite customer’s strict DMARC/SPF policy may be subverted by using G Suite’s mail routing rules to relay and grant authenticity to fraudulent messages.” The cause of the issue was “missing verification when configuring mail routes,” according to Husain.
“This is advantageous for an attacker if the victim they intend to impersonate also uses Gmail or G Suite because it means the message sent by Google’s backend will pass both SPF and DMARC as their domain will, by nature of using G Suite, be configured to allow Google’s backend to send mail from their domain,” Husain explained. “Additionally, since the message is originating from Google’s backend, it is also likely that the message will have a lower spam score and so should be filtered less often.”
All organizations that receive email should consider implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) and Sender Policy Framework (SPF) controls to prevent spoofed email messages from being received by employees. Attackers often falsely claim to be a trusted contact when attempting to socially engineer employees to convince them to wire payments to a new account or open a malicious attachment. Binary Defense highly recommends that every organization establish a responsible disclosure policy and point of contact for receiving bug reports from security researchers so that issues can be remediated as soon as possible. Researchers will sometimes give companies a deadline to mitigate the issue. If the company does not have the problem solved by the deadline, the researcher could post the findings report online showing the bug and sometimes how to exploit it.
For more information about this article, please check out the link below.