Google says that it delivered almost 40,000 alerts of state-sponsored phishing or malware hacking attempts to its users during 2019, with a 25% drop when compared to the previous year.
One of the reasons behind this notable drop in the number of government-backed hacking incidents is the increasingly effective protections Google puts in place for its users.
Due to the more effective protections, hackers are forced to slow down their attacks and try to adapt their campaigns, which leads to less frequent hacking attempts.
Journalist and news outlet impersonation were among the most frequently identified phishing methods used by state-backed hackers during 2019 according to Toni Gidwani, a Security Engineering Manager with Google’s Threat Analysis Group (TAG).
“For example, attackers impersonate a journalist to seed false stories with other reporters to spread disinformation,” he said.
“In other cases, attackers will send several benign emails to build a rapport with a journalist or foreign policy expert before sending a malicious attachment in a follow-up email.”
All Advanced Protection Program users protected from phishing
“We’ve yet to see people successfully phished if they participate in Google’s Advanced Protection Program (APP), even if they are repeatedly targeted,” Gidwani explained.
“APP provides the strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts.”
Google’s APP is a program designed to allow high-risk or regular users to defend their accounts from state-sponsored spear-phishing attempts using a more secure login procedure that requires them to use smartphones or security keys to verify their identity.
APP works by limiting the third-party apps and sites that can get access to a user’s data and by using additional identity checks to block malicious actors from impersonating the account’s owner to take over their account.
Google recommends enrolling in APP to anyone at risk of targeted online attacks including but not limited to business leaders, journalists, activists, and IT administrators.
Users can learn more about how to sign up for Google’s Advanced Protection Program by going here.
“With attacks on the rise and many major events on the horizon this year like the U.S. elections in November, the Advanced Protection Program offers a simple way to incorporate the strongest account protection that Google offers,” Google Advanced Protection Program PM Shuvo Chatterjee said in January.
Attacks leveraging zero-days
Zero-day vulnerabilities used in targeted campaigns were also among the favorite weapons identified by Google’s TAG during 2019, with multiple 0-days being delivered via spearphishing emails, watering hole attacks, and links to malicious attacker-controlled sites.
In one instance, TAG researchers were able to spot five different zero-days used by a single threat actor within a really short time frame, something that rarely happens.
“TAG actively hunts for these types of attacks because they are particularly dangerous and have a high rate of success, although they account for a small number of the overall total,” Gidwani added.
Additionally, “government-backed attackers continue to consistently target geopolitical rivals, government officials, journalists, dissidents, and activists.”
For instance, Google tracked the SANDWORM Russian-backed threat group’s targeting efforts (by industry sector) during the last three years and plotted their attacks in the table embedded above.