SecurityWeek
Google Sees Drop in Government-Backed Phishing Attempts

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems.

For several years, the company has been alerting users whose accounts appear to be targeted by state-sponsored attackers, and in 2019 it sent nearly 40,000 such warnings, a 25% decline compared to 2018.

“One reason for this decline is that our new protections are working—attackers’ efforts have been slowed down and they’re more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt,” Google says.

The countries targeted the most in 2019 include the United States, South Korea, India, Pakistan, and Vietnam, each with more than 1,000 targeted users.

In recent months, the Internet giant observed an increase in the number of attackers who impersonate news outlets or journalists, and says that even adversaries from Iran and North Korea are adopting this tactic.

The threat actors would impersonate a journalist to seed false stories with other reporters and spread disinformation, or would send benign emails to build trust with a journalist or foreign policy expert, and then send a malicious attachment, Google notes.

Foreign policy experts are often targeted by state-sponsored threat actors for their research, for access to organizations, or to connect with researchers or policymakers for subsequent attacks. Government-backed attackers mainly focus on geopolitical rivals, government officials, journalists, dissidents and activists.

According to Google, targeted accounts are usually hit multiple times, and this has happened to one in five accounts that received warnings in 2019. The attackers launch multiple attempts using different lures and accounts, or try to compromise an associate of their target if the initial attempt fails.

Some of the attacks leverage zero-day vulnerabilities, which increases their chances of success. Although they make up a small number of the overall state-sponsored phishing attempts, these attacks are considered particularly dangerous.

Targeted zero-day vulnerabilities are immediately reported to vendors, with a 7-day grace period to deliver a patch or produce an advisory, after which the Internet giant makes information on the vulnerability public.

In 2019, zero-day vulnerabilities were discovered in Android, Chrome, iOS, Internet Explorer and Windows, and Google identified a single threat actor capitalizing on five such security flaws.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare. […] The majority of targets we observed were from North Korea or individuals who worked on North Korea-related issues,” Google says.

Vulnerabilities that Google’s security researchers discovered last year include ones affecting Internet Explorer – CVE-2019-0676, CVE-2019-1367, and CVE-2019-1429; Chrome – CVE-2019-5786; and the Windows kernel – CVE-2019-0808.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
