Google Alerting Users to Suspected Hacks
Focus on State-Sponsored Attacks Culled from Intel, VictimsWith an increase in state-sponsored hacking, Google says it will alert a select subset of its Gmail e-mail users when it believes their accounts may have been targeted.
See Also: Beyond MFA: The Trick to Securing Machine Identities
"When we have specific intelligence - either directly from users or from our own monitoring efforts - we show clear warning signs and put in place extra roadblocks to thwart these bad actors," Eric Grosse, Google vice president of security engineering, writes in the company's security blog.
Users to be alerted are those Google says it believes may be the target of state-sponsored attacks.
A warning doesn't necessarily mean hackers hijacked an account, but that Google believes it might be a target of phishing or malware attacks. Grosse offers the following steps users can take to protect their accounts:
- Create a unique password that has a good mix of uppercase and lowercase letters as well punctuation marks and numbers;
- Enable two-step authentication as additional security; and
- Update your browser, operating system, plug-ins and document editors.
"You might ask how we know this activity is state-sponsored?" Gross writes. "We can't go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis - as well as victim reports - strongly suggests the involvement of states or groups that are state-sponsored."
Here's what the warning looks like: