On October 7, 14,000 Google customers were informed that they were potential targets of Russian government-backed threat actors. The next day, the internet giant released cybersecurity upgrades, focusing on high-profile users' email accounts, such as politicians and journalists.
APT28, also known as Fancy Bear, a Russian-linked threat organisation, has allegedly increased its efforts to target high-profile people.
According to MITRE ATT&CK, APT28 has been operating on behalf of Russia's General Staff Main Intelligence Directorate 85th Main Special Service Center military unit 26165 since at least 2004.
This particular operation, discovered in September, prompted a Government-Backed Attack alert to Google users this week, according to Shane Huntley, head of Google's Threat Analysis Group, or TAG, which handles state-sponsored attacks.
Huntley verified that Gmail stopped and categorised the Fancy Bear phishing operation as spam. Google has advised targeted users to sign up for its Advanced Protection Program for all accounts.
Erich Kron, a former security manager for the U.S. Army’s 2nd Regional Cyber Center, told ISMG: "Nation-state-backed APTs are nothing new and will continue to be a significant menace … as cyber warfare is simply a part of modern geopolitics."
Huntley said on Thursday in his Twitter thread, "TAG sent an above-average batch of government-backed security warnings. … Firstly these warnings indicate targeting NOT compromise. … The increased numbers this month come from a small number of widely targeted campaigns which were blocked."
"The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions. … If you are an activist/journalist/government official or work in NatSec, this warning honestly shouldn't be a surprise. At some point some govt. backed entity probably will try to send you something."
Google's Security Keys
Following the news of Fancy Bear's supposed targeting of high-profile individuals, Google stated in a blog post that cybersecurity functionalities in its APP programme will safeguard against certain attacks and that it was collaborating with organisations to distribute 10,000 free security keys to higher-profile individuals. The keys are two-factor authentication devices tapped by users during suspicious logins.
According to Grace Hoyt, Google's partnerships manager, and Nafis Zebarjadi, its product manager for account security, Google's APP programme is updated to adapt to evolving threats - it is accessible to users, but is suggested for elected officials, political campaigns, activists, and journalists. It protects from phishing, malware, harmful downloads, and unwanted access.
Alvarado, currently the threat intelligence team lead at the security firm Digital Shadows stated, "Although Google's actions are certainly a step in the right direction … the old saying, 'Where there is a will, there is a way,' still applies. … These [security] keys will undoubtedly make an attacker's job more difficult, but there are plenty of other options and vulnerabilities for [threat actors] to achieve their goals.
KnowBe4's Kron alerted, "These security keys, while useful in their own limited scope, do not stop phishing emails from being successful. They only help when an attacker already has access to, or a way to bypass, the username and password for the email account being targeted."
Global Partnerships
Google stated it has partnered with the International Foundation for Electoral Systems, the UN Women Generation Equality Action Coalition for Technology and Innovation; and the nonprofit, nonpartisan organisation Defending Digital Campaigns in its initiatives to distribute 10,000 security keys.
Google claims that as part of its partnership with the IFES, it has sent free security keys to journalists in the Middle East and female activists throughout Asia.
Google stated it is giving security training through UN Women for UN chapters and groups that assist women in media, politics, and activism, as well as those in the C-suite.
2FA Auto-Enrollment
In a blog post on October 5, Google's group product manager for Chrome, AbdelKarim Mardini, and Guemmy Kim, Google's director of account security and safety, wrote that by the end of 2021, Google also aims to auto-enrol 150 million additional users in two-factor authentication - and require 2 million YouTubers to do the same.
"We know that having a second form of authentication dramatically decreases an attacker's chance of gaining access to an account," Mardini and Kim wrote.
"Two-step verification [is] one of the most reliable ways to prevent unauthorized access,"
Google said in May that it will soon begin automatically enrolling customers in 2-Step Verification if their accounts were configured correctly.
This week, Google announced that it is auto-enrolling Google accounts with "proper backup mechanisms in place" to move to 2SV.
