Significant security breaches have been discovered in Gmail, Outlook, Apple iCloud Mail, Yahoo and AO email which are unable to effectively filter malicious attachments.
Instant messaging like Gmail, Outlook or iCloud are renowned for their efficiency and security, so it is not surprising that millions of Internet users have adopted them. Users trust them fully and therefore tend not to be suspicious when they receive an email. After all, if it arrived in the inbox, it has passed the security tests, and therefore there is no danger. But is this really the case? Cybersecurity researchers from SquareX tested the defense tools of the major online email providers, namely Gmail, Outlook, Yahoo, AOL and Apple iCloud Mail, and were unpleasantly surprised to discover a series of critical security vulnerabilities. According to the tests they have conducted, these email messages are simply not capable of filtering malicious attachments, which puts millions of Internet users at risk.
Gmail, Outlook, iCloud Mail…: email messages that are not so secure
Researchers collected one hundred samples of malicious documents, divided into four categories: original malicious document samples from MalwareBazaar, slightly altered versions (changes in metadata and file formats), documents modified using attack tools that have been around for many years, as well as base documents that have a macro that runs programs on users’ devices. These documents were sent through a third-party email provider, ProtonMail, as well as major email providers including Gmail, Outlook, Yahoo, AOL, and Apple iCloud Mail.
It found that while email providers such as Gmail and Outlook demonstrated basic detection capabilities by identifying samples of unmodified malicious documents, they failed to detect malicious documents modified using tools attack easily accessible. A glaring cybersecurity flaw that poses a potential threat to millions of users. “If the email is delivered, the user can interact with the attachment and download it to their system“, regrets SquareX in its report. Worse still: files easily identified as malicious by antiviruses have managed to bypass the solutions of Google, Microsoft and company, in particular .ppt and .xls files.
Given that email services are generally considered secure communication channels, these findings raise important questions about the effectiveness of existing security measures and the false sense of security they provide to millions of users. users and businesses around the world. As Vivek Ramachandran, the founder and CEO of SquareX, explains to ForbesInternet users trust technology giants too much to analyze attachments exchanged by email. “Billions of Internet users and SMBs blindly trust public webmail providers to scan document attachments for security risks”, explains the company. Also, SquareX enjoins “Webmail providers to transparently publish details of the limitations of their technology” to enable users to become aware “risks and the need to use additional security products”.