• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
Microsoft Edge Browser Releasing Kids Mode For Safety And Security
March 3, 2021
Google To Add Password Breach Prevention Feature To Android
March 5, 2021

Trusted Google Domain Helped Hackers Get Past Security

March 4, 2021

Hackers have found a new tool in their never-ending quest to cause trouble. They’ve begun abusing the Apps Script business application developed by Google in a bid to steal credit card and personally identifiable information.

That’s significant because given Google’s dominant position on the internet, the Apps Script is widely trusted by the market.

That fact allows hackers to mask their illicit activities and is further aided by the fact that most online vendors whitelist Google’s subdomains by default. Why wouldn’t they? Google plays a critical role in today’s internet and most business owners rely heavily on a wide range of Google’s tools and services.

Unfortunately, that creates an opportunity that the hackers are only too happy to exploit. Armed with a means of masking their activities, hackers can inject malicious code into a number of eCommerce shopping cart solutions, many of which are JavaScript based.

We owe the discovery of this latest tactic to Sansec security researcher Eric Brandel.

Brandel had this to say about the recent discovery:

“This new threat shows that merely protecting web stores from talking to untrusted domains is not sufficient. E-commerce managers need to ensure that attackers cannot inject unauthorized code in the first place. Server-side malware and vulnerability monitoring is essential in any modern security policy.

…when a skimming campaign runs entirely on trusted Google servers, very few security systems will flag it as ‘suspicious.’ And more importantly, popular countermeasures like Content-Security-Policy (CSP) will not work when a site administrator trusts Google.

CSP was invented to limit the execution of untrusted code. But since pretty much everybody trusts Google, the model is flawed.”

And that’s the crux of the problem. Fortunately, if Google’s past performance is any indication, they’ll move swiftly to make their systems even more secure, thus limiting the threat. Until that happens though, it pays to be mindful of the fact that it exists, and plan accordingly.

Share
19
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing