Google’s threat analysis team, which counters targeted and government-sponsored hacking against the company and its users, sent nearly 40,000 warnings to account holders in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, members of the group said Wednesday.
The number of warnings has decreased almost 25 percent since 2018, in part due to new protections designed to prevent cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hacking attempts and being more deliberate. The group saw an increase in phishing attacks targeting news agencies and journalists. In many of these cases, the attackers seek to spread disinformation by trying to plant false stories with other journalists. Other times, the attackers send a series of random messages in hopes of striking up a conversation with a journalist or foreign policy expert. The attackers, who usually come from Iran and North Korea, then follow up with an email that includes a malicious attachment.
“Government-sponsored attacks often target foreign policy experts for their research, access to organizations they work with, and connections to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security manager in the threat analysis group, wrote in a post.
Countries whose residents received more than 1,000 warnings include the United States, India, Pakistan, Japan, and South Korea. Wednesday’s announcement comes eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the previous 12 months. The software maker said it found “extensive” activity from five specific groups backed by Iran, North Korea, and Russia.
Wednesday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group operating on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s worst attacks, including attacks that cut Ukrainian power supplies and left the country without electricity in 2015 and 2016, attacks on NATO and the governments of Ukraine and Poland in 2014, and, according to Wired writer Andy Greenberg, the NotPetya malware that created global outages, some of which lasted for weeks.
The following graph shows Sandworm’s targeting of various companies and countries from 2017 to 2019. While the targeting of most companies or countries was sporadic, Ukraine was on the receiving end of attacks throughout the three-year period:
In 2019, the Google team discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the security flaws. The attacks were used against Google, Google account holders, and users of other platforms.
“Finding so many zero-day exploits from the same actor in such a short time frame is rare,” Gidwani wrote.
The exploits were delivered through legitimate websites that had been hacked, links to malicious websites, and attachments embedded in phishing emails. Most of the targets were in North Korea or were individuals working on North Korea-related issues.
The group’s policy is to privately notify the developers of the affected software and give them seven days to release a fix or publish an advisory. If companies don’t meet that deadline, Google releases its own advisory.
A note that Google users should be aware of: of all the phishing attacks the company has seen in the past few years, none have resulted in the takeover of accounts protected by the account protection system, which among other things makes multifactor authentication mandatory. Once a person has two physical security keys from Yubico or another provider, registering in the system takes less than five minutes.