Google sent out thousands of warnings about nation-state attacks

Google’s Threat Analysis Group works to protect the company and its users from government-backed hacking attempts

Last year Google’s Threat Analysis Group (TAG) sent out almost 40,000 warnings to users whose accounts were targeted by government-backed phishing or malware attempts.

TAG works to counter targeted and government-backed hacking against the search giant and its users. While 40,000 warnings may seem like a lot, this figure actually represents almost a 25 percent drop in the number of warnings Google sent out in 2018.

The company attributes the decline in warnings sent out last year to its Advanced Protection Program (APP), as well as to the fact that attackers' efforts have slowed and that they are more deliberate in their hacking attempts.

After reviewing the phishing attempts that occurred since the beginning of this year, Google revealed that it has seen a rising number of attackers, including those from Iran and North Korea, impersonating news outlets or journalists. Often an attacker will impersonate a journalist to seed false stories with other reporters in an effort to spread disinformation, while in other cases attackers send several emails to build rapport with a journalist before sending a malicious attachment in a follow-up email.

Tracking zero-day vulnerabilities

Zero-day vulnerabilities are unknown software flaws that can be exploited by attackers until they’re identified and fixed. TAG actively hunts for these types of attacks because they are particularly dangerous and have a high rate of success.

In 2019 alone, TAG discovered zero-day vulnerabilities in a number of platforms and software including Android, Chrome, iOS, Internet Explorer and Windows. Recently the group was acknowledged for identifying a remote code execution vulnerability in Internet Explorer tracked as CVE-2020-0674.

Last year, TAG discovered that a single threat actor was leveraging five different zero-day vulnerabilities, which is quite rare in a relatively short time frame. The exploits were delivered using compromised legitimate websites, links to malicious websites and email attachments sent in spear-phishing campaigns. The majority of targets in these attacks were either from North Korea or individuals who worked on North Korea-related issues.

Toni Gidwani, security engineering manager of Google’s TAG, explained in a blog post that the group will continue tracking bad actors and sharing the information it uncovers, saying:

“Our Threat Analyst Group will continue to identify bad actors and share relevant information with others in the industry. Our goal is to bring awareness to these issues to protect you and fight bad actors to prevent future attacks. In a future update, we’ll provide details on attackers using lures related to COVID-19 and expected behavior we’re observing (all within the normal range of attacker activity)”

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
