California, Nov 28 After the WhatsApp row, Google sent out over 12,000 warnings to its users worldwide, including nearly 500 in India, between July and September this year to sound them out against being targeted by “government-backed attackers”.
The report does not specify whether the attacks are by governments on their own citizens, or on other countries’ citizens.
The vast majority of the warnings involved “credential phishing emails” that attempt to access a user’s credentials such as passwords. An example is an email masquerading as a mail from Google that asks the user to enter her/his password. Some concerted campaigns in this regard have been discovered in Russia and South Korea, Google stated.
The development comes days after another social media giant, WhatsApp, stated that an Israeli spyware called Pegasus had been used to spy on journalists and human rights activists worldwide, including 121 people in India.
The NSO Group, which owns Pegasus, maintains that it sells to governments. In a blog, Google’s Shane Huntley stated that the company’s Threat Analytics Group (TAG) tracks “more than 270 targeted or government-backed groups from more than 50 countries”. These groups have many goals, “including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber attacks, or spreading coordinated disinformation”, according to the company.
Google said it uses the intelligence it gathers from such information to protect its infrastructure as well as users targeted with malware or phishing. The rate of these attacks has not changed significantly in the past two years, as the number is similar to the same period in 2018 and 2017.
The US, Canada, Afghanistan, and South Korea had the most user warnings, with some of them facing more than 1,000 warnings, Google stated.
In 2018, Google’s TAG blog posted, “In recent months, we’ve detected and blocked attempts by state-sponsored actors in various countries to target political campaigns, journalists, activists, and academics located around the world. When we’ve seen these types of attacks, we’ve notified users as well as law enforcement.”
“Over 90 per cent of these users were targeted via ‘credential phishing emails’… These are usually attempts to obtain the target’s password or other account credentials to hijack their account. We encourage high-risk users — like journalists, human rights activists, and political campaigns — to enroll in our Advanced Protection Program (APP),” Google said.
APP uses hardware security keys and provides the strongest protections available against phishing and account hijackings and is designed specifically for the highest-risk accounts, it added.