Isn’t the InfoSec community great?

If you didn’t hear, a phishing attack targeting GSuite customers hit Internet-wide today (links below with details). What I’m most fascinated about is the speed with which information about this attack is being populated by the community. Sure, it’s chaotic, sporadic and involves a bit of research and diving into disparate blog posts and tweets. Despite that though, the information is readily available as affected customers and researchers post their findings in near real time. How many other industries or communities work so quickly and collaboratively right at the forefront of their respective fields?

https://twitter.com/Jofo
https://t.co/kGFR25gbRA
https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/
https://twitter.com/search?f=tweets&q=google%20phishing&src=typd
https://www.mailinator.com/inbox2.jsp?public_to=hhhhhhhhhhhhhhhh#/#public_showmaildiv

The community that has been built is phenomenal; you just can’t blink or you will miss something. I happened to take both my phone and laptop in for repairs today (don’t ask) which left me in the dark as my SOC was doing awesome work.

Sarah’s first hand account is below.

Sarah Ireland
Threat Intelligence Analyst:

“One of our clients just received a Gdoc phishing email”

The first words of a harried frenzy to get ahead of a major, sophisticated phishing scam that was hitting our employees and clients nearly instantaneously. Immediately, SOC analysts start breaking down the email, using one of our burner emails to run some diagnostics, and looking for similar indicators. Soon, from our SOC side, we had domains to block, remediation steps for our clients, and everyone had been informed of the impending attack.

But, one of the best resources we had was Twitter. The infosec community was ON IT, and I went from “I only see three references that seem similar” to “everyone is spreading the word about this” in two minutes flat. Suddenly, major reporting venues such as techcrunch, CNET, and Motherboard all had public service announcements, Reddit had a list of attack components to look for, and hundreds of security researchers were sharing screenshots. News of the attack spread like wildfire…in the best way.

Security breaches are widespread, and the methods of attack that malicious actors are using are becoming smarter, faster, and harder to break. Luckily for us, the infosec community is connected and communicating. If you need to know the indicators, or have an idea of where to look and what to look for, those resources are out there, easy to tap into, and in real time. The infosec community wants to keep people safe and secure.