Establishing Digital Trust: Don't Sacrifice Security for Convenience
Google recently announced a new system that will alert users if the company believes they've been the target of state-sponsored cyber attacks.
"They'll see a warning reading: 'We believe state-sponsored attackers may be attempting to compromise your account or computer,' and be prompted to change passwords and take other steps to secure their accounts," writes TG Daily's Emma Woollacott.
"You might ask how we know this activity is state-sponsored," Google vice president Eric Grosse wrote in a blog post. "We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis -- as well as victim reports -- strongly suggest the involvement of states or groups that are state-sponsored. We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information. And we will continue to update these notifications based on the latest information."
"Getting the warning does not mean a user's account has been hacked, the company said, but that Google believes the account has been a target of phishing, malware or other hacking tools," writes CNN's Richard Allen Greene.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"If you receive the warning, Google suggests you immediately change your password to something more secure, enable two-step verification, and update your browser, plugins and operating system," writes SecurityNewsDaily's Matt Liebowitz. "Google also warned users to be on the lookout for spoofed sign-in pages trying to steal passwords."
"The company has been especially aware of the ongoing epidemic of state-sponsored espionage since it experienced its own major hacking incident in January of 2010, which was implied at the time to have been carried out by the Chinese government, a notion further confirmed by WikiLeaks’ leaked State Department cables," writes Forbes' Andy Greenberg. "In March of that year, Google began showing users warnings when it detected suspicious behavior on their accounts."
In response to Google's announcement, ESET security researcher Cameron Camp posted some thoughts on how to stop such attacks. "[One] size definitely doesn't fit all, and your mileage may vary, but having different defense layers and protections in place give state-sponsored scams a lot higher barrier of entry," Camp writes. "There is no 'perfect defense,' but a series of tough obstacles sure makes it lot tougher for overseas scammers trying to do harm."