G-Suite End-Users Hardened Against Phishing Attacks with BIMI
Google is implementing the BIMI standard to help protect G-Suite users from spam and fraud, and to help filter phishing attacks.
Phishing attacks are emails that attempt to trick the user to click on a hyperlink to access a system they shouldn’t. In order to convince the user to click, hackers will often include the business logos of trusted brands to bestow a feeling of legitimacy and importance.
On July 21, 2020, Google announced a new security feature that will be rolled out to G-Suite users to help protect them from these kinds of attacks.
The feature implements an emerging email standard called Brand Indicators for Message Identification (BIMI). Its function is to verify the use of corporate logos using the DMARC system - the same system that's used to validate the authenticity of an email sender.
Emails delivered to Google's mail system are scanned for fraud and abuse. Under BIMI, a registered brand logo will be validated and presented to the G-Suite end user in the round avatar slot beside an email. It's a visual cue that both re-affirms brand trust and indicates safety to the end user.
Messages that fail validation for the use of a corporate logo are filtered from the end user.
The technical side of BIMI requires email senders to:
use SPF and DKIM, and publish a DMARC enforcement policy for the domain of either "p=quarantine" or "p=reject";
register their logo with the BIMI working group and publish a BIMI record;
acquire a Verified Mark Certificate for their logo (a Google-specific requirement currently offered only by Entrust, DataCard, and DigiCert).
All of these controls benefit the G-Suite user as fraudulent use of corporate logos would potentially be filtered, making their use within spam and phishing attacks useless.
Google intends to implement this feature (and many others related to mail safety) over the next year.
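To make the sender-side requirements above concrete, here is an added example (not code from the original post, and not Google's or the BIMI group's own tooling) that checks a domain's published DMARC and BIMI DNS TXT records against those requirements. The DNS records are constructed sample data embedded inline so the check runs offline; a real deployment would look the records up with a DNS resolver. The DMARC rule here also applies the BIMI group's published detail that p=quarantine must carry pct=100. SPF and DKIM alignment cannot be judged from DNS alone and is out of scope for this check.

```python
# Constructed sample DNS TXT records for three hypothetical domains.
# In production these would be fetched with a DNS resolver; they are
# embedded here so the example runs offline.
SAMPLE_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "default._bimi.example.com": (
        "v=BIMI1; l=https://example.com/brand/logo.svg; "
        "a=https://example.com/brand/vmc.pem"
    ),
    # Weak domain: monitoring-only DMARC and a BIMI record with no certificate.
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "default._bimi.weak.example": "v=BIMI1; l=https://weak.example/logo.svg",
    # Partial domain: quarantine applied to only half of failing mail, no BIMI record.
    "_dmarc.partial.example": "v=DMARC1; p=quarantine; pct=50",
}


def parse_tags(record):
    """Split a 'k=v; k=v' style TXT record into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_is_enforcing(record):
    """True only for p=reject, or p=quarantine applied to 100% of mail."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return False
    policy = tags.get("p", "").lower()
    if policy == "reject":
        return True
    if policy == "quarantine":
        try:
            return int(tags.get("pct", "100")) == 100
        except ValueError:
            return False
    return False  # p=none or missing: monitoring only, not enforcement


def parse_bimi(record):
    """Return the logo (l=) and certificate (a=) URLs, or None if not a BIMI record."""
    tags = parse_tags(record)
    if tags.get("v") != "BIMI1":
        return None
    return {"logo": tags.get("l", ""), "vmc": tags.get("a", "")}


def bimi_readiness(domain, txt=SAMPLE_TXT, selector="default"):
    """Return a list of findings; an empty list means the published records
    meet the requirements the post lists for logo display in Gmail."""
    findings = []
    dmarc = txt.get(f"_dmarc.{domain}")
    if dmarc is None:
        findings.append("no DMARC record published")
    elif not dmarc_is_enforcing(dmarc):
        findings.append("DMARC policy is not enforcing "
                        "(needs p=quarantine with pct=100, or p=reject)")

    bimi = txt.get(f"{selector}._bimi.{domain}")
    if bimi is None:
        findings.append("no BIMI record published")
        return findings
    parsed = parse_bimi(bimi)
    if parsed is None:
        findings.append("BIMI record is malformed (missing v=BIMI1)")
        return findings
    logo = parsed["logo"]
    if not (logo.startswith("https://") and logo.lower().endswith(".svg")):
        findings.append("BIMI l= tag must be an https URL to an SVG logo")
    if not parsed["vmc"].startswith("https://"):
        findings.append("no Verified Mark Certificate (a= tag); "
                        "Google requires one for logo display")
    return findings


if __name__ == "__main__":
    for d in ("example.com", "weak.example", "partial.example"):
        print(d, bimi_readiness(d) or "ready")
```

Run as a script it reports "ready" for example.com and lists the gaps for the two weaker domains. The point for a mail administrator is that a p=none DMARC record, or a quarantine policy with pct below 100, is enough to keep the logo from ever appearing, and that the logo URL and certificate must both be served over HTTPS.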
Microsoft is the Problem, Not the Solution
Microsoft has a proven track record of failure: updates prone to harm systems, vulnerabilities that allow ransomware to exist, unacceptable online compromises and downtime … nobody can trust Microsoft products in their small business.
On Wednesday July 15, 2020 - across the world - millions of Microsoft customers went to open Outlook and it crashed. Completely. Users couldn’t access their email using their Windows computer at all - not unless they bypassed Outlook and went online to use a web-based version of Outlook.
Microsoft eventually posted a server-side fix for the issue, rolling it out around noon PST. This is to say that millions of people - on tax day in the United States, no less - lost nearly a day’s worth of productivity.
And Microsoft just shrugged.
In February 2020, Microsoft released security updates that deleted the private data of Windows users. This came on the heels of over four years of disruptive updates that spoiled industry confidence and forced Microsoft to try and explain themselves; even an ex-Microsoft employee described the quality control problems at Microsoft as being systemic.
And Microsoft just shrugged.
So how about - in January 2019 - when Microsoft Office365 was down for two whole days?
Yeah, Microsoft just shrugged.
Meanwhile, Microsoft’s Office 365 security is equally questionable. In 2020 alone, to date:
January 2020. Hackers use malicious apps to gain access to Office 365.
April 2020. An alert from US-CERT describing the vulnerability of millions of Office 365 users; more than one million compromised accounts per month.
May 2020. A hacking threat to Microsoft Teams was announced, threatening another 75 million users.
Microsoft just shrugged.
And finally, ransomware is a significant issue: attacks by aggressors who extort users by encrypting their data. Yet, Microsoft’s mediocre quality control is responsible for the most prominent malware of 2018-2020:
Cryptolocker. It exploits a vulnerability in the Windows platform.
Wannacry. It exploits a vulnerability in the Windows platform.
Cryptowall. It exploits a vulnerability in the Windows platform.
Locky. It exploits a vulnerability in Microsoft Word.
Petya. It exploits the file system of Windows.
Microsoft just shrugs.
One could conclude that the problem is that Microsoft doesn't give a hoot about its customers.
Others might suggest that Microsoft looks at systemic vulnerabilities as a marketing opportunity to convince users to upgrade or replace their computer systems.
Yet others could criticize Microsoft’s shoddy quality control.
Whatever the reason, Microsoft is chiefly responsible for the lack of security, quality, and confidence in their products and services.
It's Microsoft's inattention to these matters that puts small businesses and their data at risk. Our computing platforms should be ever more resilient, more reliable, and more secure - every year - but Microsoft's solutions prove the inverse.
It is my opinion that it would behoove any small business to seriously consider in what ways they could minimize the use of Microsoft's products within their control.
And here's the great news: there are a ton of other options for small businesses that don't involve Microsoft solutions. Ask me how.
Related Links:
2021.03.17. Microsoft Releases Emergency Patches to Allow Users to Print.
2021.03.06. Exchange Server Hack Morphs Into a Global Crisis.
2021.01.14. A Single Icon on your Desktop Can Corrupt Win10’s File System.
2020.12.24. Hackers Accessed Microsoft Cloud Customers Info Through 3rd Party.
2020.12.17. Microsoft 365 Was Hacked; The Government was Compromised.
2020.12.11. New Malware Can Infect 30,000 Windows Machines a Day.
2020.10.21. Windows 10 emergency update: US government just issued warning
2020.10.19. Disastrous Windows 10 update is reportedly breaking some PCs
2020.09.23. Windows Updates Appear to be Broken Again
2020.09.19. Homeland Security Urges Immediate Patching Against ZeroLogon Exploit.
2020.09.17. Microsoft 360 MFA is insecure and has been for years; fix coming in April 2021.
2020.09.05. .NET Used by Malware to Create Excel Docs That Bypass Security Checks.
2020.09.02. Windows Defender Can Be Used to Download Malware.
2020.09.01. New Windows 10 Update Could Leave Users Without an Internet Connection.
2020.08.30. Microsoft Leaves a Windows 10 Active Security Exploit Unfixed for 2 Years.
2020.08.27. Windows 10 Could Kill your SSD.
2020.08.20. Microsoft Makes it Harder to Disable Native AV Software.
2020.08.11. Windows 10 Error is Playing Havoc with User Passwords.
2020.08.07. A Old Microsoft Word Doc and a Zip File Can Hijack a Mac.
2020.08.02. Microsoft Edge is Malware.
2020.07.25. Hackers seizing on trust placed in popular Microsoft Office software.
2020.07.27. Opening and closing your laptop could be enough to crash Windows 10.
2013.07.11. Microsoft collaborated with NSA to allow access to email servers without warrant.
How Does Google Drive File Stream Know it's Me?
An explainer for how Google Drive File Stream authenticates to Google to allow access to your Google Drive.
So yeah - how does File Stream know to use your Google Drive?
Well, when it runs for the first time, Google Drive File Stream asks a G-Suite user to sign in.
The act of signing in is the process by which File Stream is authorized to access the user's Google Drive.
Once authenticated, File Stream will present a redirected drive with a My Drive folder labeled G: in Windows; on macOS it will be represented as a device.
The My Drive folder is the root of the user’s Google Drive and - generally - the content placed in My Drive is private to the user.
Where G-Suite Basic users will only see their own My Drive folder, G-Suite Business users would see their My Drive folder and their G-Suite domain’s Shared Drives (formerly known as Team Drives). Only the G-Suite Business license has access to Shared Drives.
When File Stream is active, it creates a runtime stub that appears in the system tray of a Windows computer: a small white and gray triangle near the computer's clock in the lower right of the screen. On a Mac, File Stream's runtime stub appears in the upper toolbar towards the right.
In both cases, the stub will look grayed out if the user needs to sign in. Clicking on the stub will produce a login challenge that will re-authenticate File Stream. If the stub is blue, the user is currently logged in.
The user's credential is cached in the form of an OAuth token and is active for a period of time or until the token is revoked, after which the user would have to sign back in again. If the user rotates their G-Suite password, they would need to sign in again to create a new OAuth token.
While logged in, the computer user has access to the Google Drive of the signed-in G-Suite user.
Hopefully they're the same person! The person using the computer is using their own account with File Stream, and that login information is stored behind the Windows or Mac user account.
If not, the File Stream stub has an option to "switch user" or "disconnect" to reconnect File Stream under another user account.
File Stream cannot connect to multiple user accounts or Google Drives at one time.