Google Warns Thousands Each Month of State-Sponsored Attacks
22.8.18 securityweek Attack
Each month, Google sends thousands of warnings to users who might have been targeted in government-backed attacks, even if the attempts have been blocked.
Highly targeted and more sophisticated when compared to typical phishing attempts, which are mainly focused on financial fraud, these state-sponsored attacks come from dozens of countries worldwide, Google says.
Only an extremely small fraction of Google’s users have received such an alert, and they don’t necessarily mean that accounts have been compromised, but the search giant urges all of those who receive the notification to take immediate action.
“We hope you never receive this type of warning, but if you do, please take action right away to enhance the security of your accounts,” Google says.
Users are also provided with guidance on how to improve the security of their accounts, but they can choose to dismiss the warning.
The Internet company has been issuing such alerts since 2012, and recently also brought the warnings to G Suite. Thus, administrators receive an alert when the company detects a possible government-backed phishing attempt targeting a user in the admin’s corporate network.
The warnings themselves have evolved over time from simple text messages displayed at the top of recipient’s Gmail page to more prominent banners.
Such warnings don’t arrive immediately after the phishing attempt was detected, but are sent periodically, to ensure that the attackers can’t determine the technology that allows Google to detect the attacks.
“We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts,” Google reveals.
In addition to alerting the user, the web search company informs the law enforcement on the detected attempts, so they can investigate the incidents on their own.
To improve the security of their accounts, all users are advised to enable two-step verification in Gmail. Those who believe they might be targeted by government-backed phishing should also consider enrolling in the Advanced Protection Program, Google underlines.