{"id":259078,"date":"2025-11-03T15:57:08","date_gmt":"2025-11-03T15:57:08","guid":{"rendered":"https:\/\/www.newsbeep.com\/ca\/259078\/"},"modified":"2025-11-03T15:57:08","modified_gmt":"2025-11-03T15:57:08","slug":"warning-as-google-and-microsoft-calendar-hack-surge-confirmed","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ca\/259078\/","title":{"rendered":"Warning As Google And Microsoft Calendar Hack Surge Confirmed"},"content":{"rendered":"

\"Google<\/p>\n

Beware malicious Google and Microsoft calendar invites.<\/p>\n

SOPA Images\/LightRocket via Getty Images<\/p>\n

Not all cybersecurity attacks involve unsupported operating systems<\/a>, vulnerabilities without a patch<\/a>, or password-stealing malware<\/a>. Many, it has to be said, come under the remit of social engineering, exploiting human weaknesses alongside a little technical threat tomfoolery<\/a>. The latest such warning has come from Sublime Security after it \u201cobserved a significant influx in phishing attacks\u201d against users of Google Workspace and Microsoft 365 calendars. Here\u2019s what you need to know and do.<\/p>\n

ForbesMicrosoft Sounds Windows 11 And Server Update Failure AlarmBy Davey Winder<\/a>A Surge Of Malicious Google And Microsoft Calendar Invites <\/p>\n

It has been almost a year since I last reported<\/a> about the threat surface that is, erm, your calendar. Yet that threat has not gone away, and Google and Microsoft users are now being warned of a surge in attacks that use calendar invites as a method to evade security solutions and deliver their undoubtedly dangerous payloads. A newly published report<\/a> by Ahry Jeon, a product manager, and Brandon Murphy, a threat detection engineer, both working at Sublime Security, warns that \u201cdepending on the settings of the target\u2019s calendar, even if the email message is automatically quarantined by an email security solution, the calendar entry often remains on the target\u2019s calendar.\u201d<\/p>\n

An .ics file is a calendar data format used to enable the sharing of events between calendar applications from the likes of Apple, Google, and Microsoft. It is a hugely popular format, not least thanks to the ability to automatically add invites to calendars from Google Workspace and Microsoft 365. In the latter, the security boffins warn, \u201cit will also bring attachments from the email into the invitation.\u201d Obviously, this provides an attacker with a double-whammy threat of the email and the invite to deliver a payload. Double-whammy threat, double the chance of success.<\/p>\n

ForbesLinkedIn DM Attack Warning \u2014 What Users Need To KnowBy Davey Winder<\/a><\/p>\n

The Sublime report provides a number of examples of this kind of attack, and I recommend reading it yourself to get up to speed with these. The bullet point summary is:<\/p>\n

ICS phishing in the body of a calendar entryICS phishing with a QR code in an attachmentICS phishing with attached HTML<\/p>\n

I have reached out to both Google and Microsoft regarding the report and the dangers of .ics phishing attacks for advice to users. In the meantime, Sublime offers the following suggestions for securing your calendars: In the Google Workspace Admin Console, go to Apps|Google Workspace|Calendar|Advanced settings and ensure the \u2018Add invitations to my calendar\u2019 option is set to \u2018Invitations from known senders\u2019 or \u2018Invitations users have responded to via email.\u2019 For Microsoft 365, use PowerShell commands to set AutomateProcessing to None and disable the \u2018Calendar Attendant\u2019 from automatically processing invites.<\/p>\n","protected":false},"excerpt":{"rendered":"Beware malicious Google and Microsoft calendar invites. SOPA Images\/LightRocket via Getty Images Not all cybersecurity attacks involve unsupported…\n","protected":false},"author":2,"featured_media":259079,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[49,120285,120284,48,42746,120287,120283,63,116293,120282,120286,61],"class_list":{"0":"post-259078","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-ca","9":"tag-calendar-hack","10":"tag-calendar-invite-attack","11":"tag-canada","12":"tag-google-calendar","13":"tag-ics-hack","14":"tag-ics-phsihing","15":"tag-microsoft","16":"tag-microsoft-365","17":"tag-microsoft-365-calendar","18":"tag-sublime-security","19":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/259078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/comments?post=259078"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/259078\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media\/259079"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media?parent=259078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/categories?post=259078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/tags?post=259078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}