Good Guy Google Tells You if You’ve Been Hacked By a Nation-State

It isn’t often that it’s acceptable to be alerted of an attack on an online account long after the attack has taken place, but Google might just have a rational reason for doing so. Unfortunately, this can often make the details and motive behind the attack unclear, as many leading journalists and professors have found out.

In late November, these journalists and professors logged in to their Google accounts to find banners alerting them of an attempted breach by “government-backed attackers.” These warnings, which also linked to account security best practices suggested by the web giant, were the latest example of Google’s initiative to alert the targets of nation-sponsored hacking that was first implemented in 2012.

Unfortunately, there is little to help glean exactly when, and from whom, these attacks originated. This is because Google protects its own detection processes by delaying the notification if an attack attempt was unsuccessful. As a result, it is very possible that these warnings came from a spear phishing campaign that Russian operatives launched after the results of the United States Presidential election were announced, in an attempt to spread a backdoor malware called “PowerDuke.”

PowerDuke had appeared in numerous attack campaigns leading up to this message, specifically directed towards US and European policy research organizations, colleges and universities, and other targets concerned with international affairs and defense. While it has not been confirmed that PowerDuke was the cause of Google’s recent notification, it is certainly a possible contender.

Regardless of what was responsible for the notification, it still serves as a valuable reminder of the importance of subscribing to some basic online security measures whenever possible.

• Take Advantage of 2FA: 2FA, or two-factor authentication, utilizes a unique password that is shared with the user via a secondary route, such as an SMS to a mobile device. Many online accounts offer 2FA as a security measure, and it should be implemented wherever available.
• Click with Caution: Before clicking on a link, especially one that is delivered in an email message, look twice: does the source appear to be who they purport to be? Some of the recent PowerDuke attacks were spread through emails that appeared to be forwarded messages from the Clinton Foundation.
• Stay Up-to-Date: Threats of all kinds are always improving, and so all of your software solutions need to improve to keep up with them. By updating when prompted, you can be sure that your defenses are as secure as possible.

While these attacks may have been focused upon journalists and academics, there are still plenty of threats out there for businesses. To keep up-to-date and well-informed on technology issues and best practices, be sure to come back to SCW’s blog.