Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Don’t Panic Over Google’s Latest State-sponsored Attack Warnings

Google: “Tens of Thousands of Users” Will See New State-sponsored Attack Warnings

Google: “Tens of Thousands of Users” Will See New State-sponsored Attack Warnings

On Tuesday, Google started issuing warnings to a subset of GMail users, explaining that state-sponsored attackers may be attempting to compromise their accounts or computers. The warnings were foreshadowed by an interview Google did with the New York Times, where it was revealed that the search giant was seeing more attacks recently than previously anticipated.

“We aren’t planning to share additional information,” a Google spokesperson told SecurityWeek Wednesday. Google did, however, confirm that the New York Times article was accurate, adding that “tens of thousands of users will see the notification.”

In June, SecurityWeek reported on the announcement from Google that they would start warning users if it was believed that they were a target of a state-sponsored attack.  

“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account,” Eric Grosse, vice president of security engineering at Google noted in a blog post at the time.  

Fast forward four months, and Mike Wiacek, a manager on Google’s information security team, is telling the New York Times in an interview that they’ve “picked up thousands more instances of cyberattacks than it anticipated.”

“Mr. Wiacek noted that Google had seen an increase in state-sponsored activity coming from the Middle East. He declined to call out particular countries, but he said the activity was coming from “a slew of different countries” in the region,” the NYT’s Bits Blog reported.

The warnings are just that, warnings. As mentioned in June by Google, the fact that someone sees such a notice is not a clear indication of a pending attack, nor is it proof that a successful attack has occurred.

Advertisement. Scroll to continue reading.

This past summer, Google said that they couldn’t go into the details on how they know that certain activities were state-sponsored without giving away details that would be helpful to those initiating the attacks. Adding that, “our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”

Google, like other large corporations online, is hooked into the security community. They get reports from users, vendors, and collect data on their own – and use this to make a risk assessment. The warnings that have been reported recently and the emergence of new attack patterns that were not previously anticipated, aren’t something to be concerned about; they are a natural progression of information gathering.

There has been an uptick in the number of attacks that are targeting corporations and people in the U.S., sourced directly from the Middle East, Eastern Europe, North Africa, and Southern Asia. A recent example of this would be DDoS attacks against financial organizations sourced to Iran, Phishing attacks against activists in Syria, or the Internet Explorer zero-day that was recently patched, which was used by attackers in China to spread malware.

Google is all about patterns. So if a known attack, targeting a limited number of people or focused on a region, is spotted by security vendors or on Google’s own network, then it is only right that anyone else who may fall within that same pattern be notified that something could be amiss.

Google’s latest round of warnings to journalists or NGO employees, given the emergence of new attack data and patterns, is the equivalent of a warning to the average user that a email from a bank, with a typo, malformed URL, or broken image, is likely a Phishing attempt. Maybe it is, maybe it isn’t, but the email matches a pattern, so the user is warned.

“Google works hard every day to help our users protect their information. That’s why we developed this warning to supplement our existing account security protections,” the Google spokesperson said. “We hope these prominent messages will encourage affected users to take steps to strengthen the security of their accounts and computers.”

When it comes to advice on dealing with potential threats, the link offered by Google in their state-sponsored warnings actually has sound advice, which you can view here. Either way, the warnings are just what they claim to be, a brief heads up from Google that should not evoke fear or panic, but should serve as a reminder for users to remain vigilant. 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.