Google has an advanced in-house team, the Threat Analysis Group, whose primary function is to protect the company and the users of its services from hacking attacks by nation-states. A recent report from the Group revealed that in 2019 alone it issued about 40,000 such warnings.
This may seem alarming, but in 2018 these attacks were 25% more numerous than those reported for 2019, according to the Threat Analysis Group's security engineering manager, Toni Gidwani. The reduction, Gidwani explains, could be due to Google's proactive measures to curb and disrupt hacking activity. "Attackers' efforts have been slowed down, and they're more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt," Gidwani said.
What is different and interesting about nation-state hackers is that they do not behave like ordinary cyber-criminals. The Group's analysis of phishing attempts shows that, in the case of Iran and North Korea, the way in is by impersonating journalists. This is done over a period of time whose duration varies with the objectives to be achieved. First, accounts are created for a reporter who does not exist, or rather, who is not really a reporter. Through these accounts, disinformation is spread by creating fake stories, which in turn are published by legitimate news outlets. Second, through these channels, the fake journalist establishes relationships with news outlets and with experts who are connected to the government and know the policy details. These 'hacks' are based on trust, and the attackers are prepared to invest years to fulfil their mission.
From this, it is probably apparent who is at higher risk than most: foreign policy experts. Gidwani opines that these experts are targeted more often than others solely because their connections and research are much more valuable internationally. It comes as no surprise, then, that the classification of Advanced Persistent Threat is most often applied to nation-state groups.
The major positive to take from this is that people who have signed up for Google's Advanced Protection Program have never been attacked, even though they have been targeted. This means that Google's measures to protect its users against the highest-risk attacks are paying off.
Google also addresses zero-day vulnerabilities. A zero-day vulnerability is one that is unknown to, or remains unaddressed by, those who should be working to mitigate it; essentially, it is a newly discovered vulnerability. Responding to a query from Forbes on zero-day vulnerabilities, Gidwani says: "When we find an attack that takes advantage of a zero-day vulnerability, we report the vulnerability to the vendor and give them seven days to patch or produce an advisory, or we release an advisory ourselves."
The Group's next target appears to be attackers who are using COVID-19 as bait, even as the pandemic leaves heartache on a massive scale in its wake. "Our Threat Analyst Group will continue to identify bad actors and share relevant information with others in the industry. Our goal is to bring awareness to these issues to protect you and fight bad actors to prevent future attacks," Gidwani was quoted as saying.