Google is rolling out new security features to help organizations halt email as the attack vector for ransomware.
While mass ransomware attacks have become less frequent, targeted attacks are on the rise and causing major pains for organizations, with two Florida city councils forking out $600,000 and $500,000 in ransom payments this week after sustained system outages due to ransomware.
Organizations can choose to pay huge ransoms or deal with the consequences of the malware, which cost Norwegian metal giant Norsk Hydro at least $40m within one week of an attack that crippled its production operations in North America.
Google’s new security sandbox aims to deal with these threats if they come through the inbox, addressing malicious embedded scripts in email attachments.
The email attachments will open as if the user had actually clicked on the attachment, allowing Google to check a script’s behavior and detect previously unknown threats. The company announced the feature in beta this April and is now releasing it generally for G Suite users.
The security feature is similar to the Microsoft Office 365 features available today to enterprise customers through Advanced Threat Protection, which offers a URL detonation chamber and additional protection against phishing.
G Suite admins can setup rules to define which messages are put through the security sandbox and move captured email to an admin-controlled quarantine. The features will be rolling out to enterprise customers in a few weeks.
G Suite customers can also expect new default ‘advanced phishing and malware protection’. Admins can deflect phishing email and email-borne malware to a quarantine and identity suspicious attachments and display a warning banner to users.
Google is also ramping up protections against business email compromise (BEC) fraud, which cost US companies $1.3bn in 2018.
The default security feature promises to help organizations “identify unauthenticated emails trying to spoof your domain and choose to automatically display a warning banner, send them to spam, or quarantine the messages”, Google promises.
Finally, Google is rolling out ‘confidential mode’ self-destructing email as a generally available feature in Gmail. It released the feature last year.
“Confidential mode in Gmail offers built-in Information Rights Management (IRM), which removes the option for people to forward, copy, download or print messages. This helps reduce the risk of recipients accidentally sharing confidential information with the wrong people,” Google explains.
Users can also require the recipient to authenticate via a text message to view an email.
One last security feature Google has announced for G Suite users are security codes for browsers that don’t yet support login with security keys, such as Google’s Titan keys.
The one-time codes are aimed at organizations that rely on Internet Explorer to access internal business applications.
“A user may need to access a web application that federates their Google identity, but only works on Internet Explorer 11,” Google explains.
“While the browser can’t communicate with a security key directly, the user can open a Chrome browser and generate a security code, which can then be entered in Internet Explorer to gain access to the application.”