Google has time and again tried to help and support people through its various measures. Since a couple of years, there has been a constant threat of state-sponsored cyber attacks against human rights activists, politicians and other high-profile personnel.
In 2012, Google deployed the policy of issuing warnings for the users that were believed to become a target of "state-sponsored attacks" on Chrome or Google's web services. According to Google, the attacks could be any form of malware, phishing campaigns, exploitation of some other vulnerabilities, or something else, including trojan like Flame, which was a cyberespionage worm that infected thousands of machines in the Middle East in 2012.
So, after many threats of various nature to the cybersecurity of users, Google came up with a Threat Analysis Group (TAG), which has been working for over a decade now. Its main aim is to counter government-backed/state-sponsored and targeted hacking against Google and its millions of users.
Daily, TAG encounters and defeats these threats by early detection and issuing a prompt warning to the targeted users, through all the Google products which include Google Mail (Gmail), Google Drive, and YouTube. It works for more than fifty countries, against more than 270 targeted or state-sponsored hacking groups.
These government-backed hacking groups have different agendas, including the collection of intelligence, targeting activists, stealing information, or for spreading disinformation in a coordinated manner.
Google makes sure to counter and defeat all these threats to protect its infrastructure as well as the targeted users.
According to Toni Gidwani Security Engineering Manager, in 2019, TAG posted more than 40,000 phishing alerts.
Comparing with 2018, the attacks were dropped 25 percent in 2019.
Amongst many threats, TAG has to encounter dangerous zero-day attacks, which target the vulnerabilities through the exploitation of unknown flaws in the software.
In 2019, multiple zero-day vulnerabilities in Google's Android Chrome web browser were detected by TAG. And later, zero-day vulnerabilities were detected in Apple's iOS and Microsoft's Windows operating systems too.
Now, because of the danger these unknown threats present to users, vendors get a week to overcome or warn users about zero-days, otherwise, TAG releases a warning about them.
In 2017, Google launched the Advanced Protection Program (APP) which is specifically designed for the accounts at the highest risk. It utilizes hardware security keys and provides more strong protection against phishing and account hackings.
Over the past few years, more than 90 percent of these targeted users were attacked through credential phishing emails, which are meant to obtain the target’s password or other account credentials to hack their account. Another method often used by these groups is that they compromise legitimate web sites and set up malicious ones in their place, which the target users are tricked into visiting.
As per recent report, most of these attackers have adopted a new method. They impersonate news media and journalists to target high-risk users, and to spread disinformation and false stories in coordination with other journalists. They build a rapport with other journalists or experts in foreign policy by exchanging innocent and innocuous emails at first, and once the conversation and trust develop, they follow up with messages having malicious content.
TAG is also detecting some government-based threat impersonators using the coronavirus pandemic as a trap. So, a warning has been issued to all the related high-risk accounts and users.
Read next: Google Chrome Canary Adds new Privacy Settings and Security Check for Web Users
In 2012, Google deployed the policy of issuing warnings for the users that were believed to become a target of "state-sponsored attacks" on Chrome or Google's web services. According to Google, the attacks could be any form of malware, phishing campaigns, exploitation of some other vulnerabilities, or something else, including trojan like Flame, which was a cyberespionage worm that infected thousands of machines in the Middle East in 2012.
So, after many threats of various nature to the cybersecurity of users, Google came up with a Threat Analysis Group (TAG), which has been working for over a decade now. Its main aim is to counter government-backed/state-sponsored and targeted hacking against Google and its millions of users.
Daily, TAG encounters and defeats these threats by early detection and issuing a prompt warning to the targeted users, through all the Google products which include Google Mail (Gmail), Google Drive, and YouTube. It works for more than fifty countries, against more than 270 targeted or state-sponsored hacking groups.
These government-backed hacking groups have different agendas, including the collection of intelligence, targeting activists, stealing information, or for spreading disinformation in a coordinated manner.
Google makes sure to counter and defeat all these threats to protect its infrastructure as well as the targeted users.
According to Toni Gidwani Security Engineering Manager, in 2019, TAG posted more than 40,000 phishing alerts.
Comparing with 2018, the attacks were dropped 25 percent in 2019.
Amongst many threats, TAG has to encounter dangerous zero-day attacks, which target the vulnerabilities through the exploitation of unknown flaws in the software.
In 2019, multiple zero-day vulnerabilities in Google's Android Chrome web browser were detected by TAG. And later, zero-day vulnerabilities were detected in Apple's iOS and Microsoft's Windows operating systems too.
Now, because of the danger these unknown threats present to users, vendors get a week to overcome or warn users about zero-days, otherwise, TAG releases a warning about them.
In 2017, Google launched the Advanced Protection Program (APP) which is specifically designed for the accounts at the highest risk. It utilizes hardware security keys and provides more strong protection against phishing and account hackings.
Over the past few years, more than 90 percent of these targeted users were attacked through credential phishing emails, which are meant to obtain the target’s password or other account credentials to hack their account. Another method often used by these groups is that they compromise legitimate web sites and set up malicious ones in their place, which the target users are tricked into visiting.
As per recent report, most of these attackers have adopted a new method. They impersonate news media and journalists to target high-risk users, and to spread disinformation and false stories in coordination with other journalists. They build a rapport with other journalists or experts in foreign policy by exchanging innocent and innocuous emails at first, and once the conversation and trust develop, they follow up with messages having malicious content.
TAG is also detecting some government-based threat impersonators using the coronavirus pandemic as a trap. So, a warning has been issued to all the related high-risk accounts and users.
Read next: Google Chrome Canary Adds new Privacy Settings and Security Check for Web Users