
Why MSPs Are Essential in Safeguarding SMBs from Google Sheets Exploitation in Cyber Attacks

Main Takeaways: 

  1. Growing Threats: Cyber attackers are now using everyday tools like Google Sheets to orchestrate and manage malware campaigns, making it harder for small and medium businesses (SMBs) to detect and defend against these attacks.
  2. MSPs as Frontline Defenders: Managed Service Providers (MSPs) play a crucial role in protecting SMBs by implementing advanced security measures, continuously monitoring for threats, and educating businesses on potential vulnerabilities in commonly used platforms like Google Sheets.
  3. Proactive Measures: MSPs can help SMBs implement practical steps, such as using advanced threat detection tools, regular software updates, and employee training, to minimize the risk of falling victim to these sophisticated cyber threats.

Blog Content:

As the digital landscape evolves, so too do the tactics of cyber attackers. Recent reports reveal that attackers are now exploiting Google Sheets, a widely-used cloud-based spreadsheet tool, to control malware campaigns. This alarming development highlights the critical role Managed Service Providers (MSPs) must play in safeguarding small and medium businesses (SMBs) that rely on these tools but may not be aware of their potential vulnerabilities.

How Cybercriminals Exploit Google Sheets:

  1. Remote Command and Control (C2): Cyber attackers are using Google Sheets as a command-and-control (C2) infrastructure. By embedding malicious scripts or commands within Google Sheets, attackers can remotely control infected machines. This allows them to execute commands, exfiltrate data, and even update the malware without being detected by traditional security tools.
  2. Evasion of Detection: Google Sheets, being a legitimate and widely-used tool, is often trusted by security systems. Attackers take advantage of this trust, using Google Sheets as a communication channel that flies under the radar of many security products. This makes it difficult for traditional firewalls and anti-malware software to detect and block these malicious activities.
  3. Phishing and Social Engineering: Attackers often combine this technique with phishing campaigns. They send emails or messages that lure victims into clicking on links that lead to Google Sheets, where malicious content is hosted. Once the victim interacts with the sheet, the malware is triggered, and the attackers gain control.
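
A defender's view of points 1 and 2, added here as an example that is not part of the original article: because Sheets traffic cannot simply be blocked by domain, the check below reviews proxy or EDR network records for non-browser processes that reach Google Sheets endpoints and marks those that call in at regular, beacon-like intervals. The log layout, the process names, the browser allowlist and the thresholds are assumptions, and every sample record is constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

SHEETS_HOSTS = {"sheets.googleapis.com", "docs.google.com"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist

# Constructed sample records: epoch seconds, workstation, process, destination
SAMPLE_LOG = """\
ts,host,process,dest
1000,ws-01,chrome.exe,docs.google.com
1012,ws-01,chrome.exe,docs.google.com
1300,ws-01,chrome.exe,sheets.googleapis.com
1000,ws-02,updater.exe,sheets.googleapis.com
1060,ws-02,updater.exe,sheets.googleapis.com
1121,ws-02,updater.exe,sheets.googleapis.com
1180,ws-02,updater.exe,sheets.googleapis.com
1241,ws-02,updater.exe,sheets.googleapis.com
1500,ws-03,excel.exe,www.example.com
2000,ws-04,python.exe,sheets.googleapis.com
"""

def find_suspect_sheets_clients(log_text, min_hits=4, max_jitter=0.2):
    """Report non-browser processes that talk to Google Sheets endpoints."""
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        proc = row["process"].lower()
        if row["dest"].lower() in SHEETS_HOSTS and proc not in BROWSERS:
            times[(row["host"], proc)].append(int(row["ts"]))
    findings = []
    for (host, proc), ts in sorted(times.items()):
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        beacon = False
        # Regular polling shows up as low variation between request gaps.
        if len(ts) >= min_hits and mean(gaps) > 0:
            beacon = pstdev(gaps) / mean(gaps) <= max_jitter
        findings.append({"host": host, "process": proc,
                         "hits": len(ts), "beacon_like": beacon})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_sheets_clients(SAMPLE_LOG):
        print(finding)
```

Legitimate integrations and sync clients also call these endpoints, so the allowlist needs tuning per environment before findings are treated as alerts.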

Impact on Businesses:

  1. Data Breaches: Businesses that fall victim to these attacks may suffer severe data breaches. Confidential information, including customer data, financial records, and intellectual property, can be stolen and sold on the dark web or used to blackmail the business.
  2. Operational Disruption: Once an attacker gains control of a company’s systems, they can disrupt operations by locking out legitimate users, corrupting files, or even deploying ransomware. This can lead to significant downtime, affecting productivity and potentially causing financial losses.
  3. Reputational Damage: When a business is hit by a cyber attack, especially one that leads to a data breach, it risks losing the trust of its customers and partners. The negative publicity and loss of confidence can have long-term repercussions, including loss of revenue and difficulty in acquiring new customers.
  4. Financial Costs: Beyond the immediate costs associated with downtime and lost business, companies may face fines for failing to protect sensitive data, especially if they are in regulated industries. They may also need to invest in new security measures and undergo audits to regain compliance, further adding to the financial burden.

Why MSPs Are Vital for SMB Security

Managed Service Providers serve as the first line of defense for SMBs against these sophisticated attacks. With their deep understanding of cybersecurity and access to advanced tools, MSPs can:

  • Detect and Respond to Threats: MSPs can deploy advanced threat detection systems that monitor activity within platforms like Google Sheets, identifying and neutralizing suspicious behaviors before they can cause harm.
  • Educate and Train Employees: Cybersecurity is not just about technology; it’s also about people. MSPs can provide essential training for SMB employees, helping them recognize phishing attempts, suspicious activity, and best practices for using cloud-based tools safely.
  • Regularly Update and Patch Systems: MSPs ensure that all systems and software used by SMBs are up-to-date with the latest security patches, significantly reducing the likelihood of exploitation by cyber attackers.

Practical Steps for Businesses:

To protect against these types of attacks, businesses, especially SMBs, should consider the following steps:

  1. Enhance Security Awareness: Regularly train employees on the dangers of phishing and how to recognize suspicious links, even those that appear to come from trusted sources like Google Sheets.
  2. Implement Advanced Threat Detection: Use security solutions that can detect and respond to unusual activity within cloud-based applications like Google Sheets.
  3. Restrict Access: Limit access to sensitive documents and ensure that only authorized personnel can edit or share these documents.
  4. Enable Two-Factor Authentication (2FA): Implementing 2FA adds an extra layer of security, making it harder for attackers to gain unauthorized access to accounts.
  5. Regular Security Audits: Conduct regular security audits to identify vulnerabilities in your systems and address them before attackers can exploit them.
  6. Engage with an MSP: Consider partnering with a Managed Service Provider (MSP) to ensure that your business is protected with the latest security practices and tools, and that there is continuous monitoring for potential threats.

In an era where cyber threats are increasingly sophisticated and pervasive, the role of MSPs in protecting SMBs has never been more crucial. By staying informed and proactive, MSPs can ensure that their clients remain secure, even as attackers evolve their methods to exploit the very tools that businesses depend on.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

ESET Research: CosmicBeetle group joins forces with other ransomware gangs, targets businesses in Europe and Asia

  • ESET Research investigated ScRansom, a novel ransomware developed by the CosmicBeetle threat group. 
  • CosmicBeetle has been experimenting with the leaked LockBit builder and trying to mimic LockBit’s brand.
  • Furthermore, CosmicBeetle is likely a recent affiliate of the ransomware-as-a-service actor RansomHub, active since March 2024.
  • ScRansom is continually improving; however, it is impossible to restore some files.
  • CosmicBeetle exploits years-old vulnerabilities to breach SMBs with a focus on Europe and Asia.

BRATISLAVA, PRAGUE, September 10, 2024 — ESET researchers have mapped the recent activities of the CosmicBeetle threat group, documenting its new ScRansom ransomware being deployed and discovering connections to other well-established ransomware gangs. CosmicBeetle has been spreading ransomware to small and medium businesses (SMBs), mainly in Europe and Asia. ESET Research has observed the threat actor using the leaked LockBit builder and trying to leverage LockBit’s ransomware reputation. Besides LockBit, ESET believes that CosmicBeetle is probably a new affiliate of ransomware-as-a-service actor RansomHub, a new ransomware gang active since March 2024 with rapidly increasing activity.

“Probably due to the obstacles that writing custom ransomware from scratch brings, CosmicBeetle attempted to leech off LockBit’s reputation, possibly to mask the issues in the underlying ransomware and in turn to increase the chance that victims would pay,” says ESET researcher Jakub Souček, who analyzed the latest activity of CosmicBeetle. “Additionally, recently, we observed the deployment of ScRansom and RansomHub payloads on the same machine only a week apart. This execution of RansomHub was very unusual compared to the typical cases we have seen in ESET telemetry, but quite similar to CosmicBeetle’s modus operandi. Since there are no public leaks of RansomHub, this leads us to believe with medium confidence that CosmicBeetle may be a recent affiliate of theirs,” adds Souček.

CosmicBeetle often uses brute-force methods to breach its targets. Besides that, it misuses various known vulnerabilities. Small and medium-sized businesses from all sorts of verticals all over the world are the most common victims of this threat actor because that is the segment most likely to use the affected software, or lack robust patch management processes in place. ESET Research has observed attacks on SMBs in the following verticals: manufacturing, pharmaceuticals, legal, education, healthcare, technology, hospitality leisure, financial services, and regional government.

Besides encrypting, ScRansom can also kill various processes and services on the affected machine. ScRansom is not a very sophisticated piece of ransomware, though CosmicBeetle has been able to compromise interesting targets and cause great harm to them. This is mostly because CosmicBeetle is an immature actor in the ransomware world, and problems plague the deployment of ScRansom. Victims affected by ScRansom, who decide to pay, should be cautious.

ESET Research was able to obtain a decryptor implemented by CosmicBeetle for its recent encryption scheme. ScRansom is undergoing constant development, which is never a good sign for ransomware. The overcomplexity of the encryption (and decryption) process is prone to errors, making restoration of all files doubtful. Successful decryption relies on the decryptor working properly and on CosmicBeetle providing all the necessary keys, and even in that case, some files may be destroyed permanently by the threat actor. Even in the best-case scenario, decryption is long and complicated.

CosmicBeetle, active since at least 2020, is the name ESET researchers assigned to a threat actor discovered in 2023. This threat actor is most known for the usage of its custom collection of Delphi tools, commonly called Spacecolon, consisting of ScHackTool, ScInstaller, ScService, and ScPatcher.

For more technical information about the latest activity of CosmicBeetle, check out the blogpost “CosmicBeetle steps up: Probation period at RansomHub” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Heatmap of CosmicBeetle attacks since August 2023, according to ESET telemetry

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
