Findings on COVID-19 and online security threats - Learn Engineering


Thursday, April 23, 2020



Google’s Threat Analysis Group (TAG) is a specialized team of security experts that works to identify, report, and stop government-backed phishing and hacking against Google and the people who use our products. We work across Google products to identify new vulnerabilities and threats. Today we’re sharing our latest findings and the threats we’re seeing in relation to COVID-19.


COVID-19 as general bait
Hackers frequently look at crises as an opportunity, and COVID-19 is no different. Across Google products, we’re seeing bad actors use COVID-related themes to create urgency so that people respond to phishing attacks and scams. Our security systems have detected examples ranging from fake solicitations for charities and NGOs, to messages that try to mimic employer communications to employees working from home, to websites posing as official government pages and public health agencies. Recently, our systems have detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing and malware from reaching our users.
How government-backed attackers are using COVID-19
TAG has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as a lure for phishing and malware attempts—trying to induce their targets to click malicious links and download files.
Location of users targeted by government-backed COVID-19 related attacks

One notable campaign attempted to target personal accounts of U.S. government employees with phishing lures using American fast food franchises and COVID-19 messaging. Some messages offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options. Once people clicked on the emails, they were presented with phishing pages designed to trick them into providing their Google account credentials. The vast majority of these messages were sent to spam without any user ever seeing them, and we were able to preemptively block the domains using Safe Browsing. We’re not aware of any user having their account compromised by this campaign, but as usual, we notify all targeted users with a “government-backed attacker” warning.

We’ve also seen attackers try to trick people into downloading malware by impersonating health organizations:
Attackers impersonating health organizations
International and national health organizations became targets
Our team also found new, COVID-19-specific targeting of international health organizations, including activity that corroborates reporting in Reuters earlier this month and is consistent with the threat actor group often referred to as Charming Kitten. The team has seen similar activity from a South American actor, known externally as Packrat, with emails that linked to a website spoofing the World Health Organization’s login page. These findings show that health organizations, public health agencies, and the individuals who work there are becoming new targets as a result of COVID-19. We're proactively adding extra security protections, such as higher thresholds for Google Account sign-in and recovery, to more than 50,000 of such high-risk accounts.
Left: Contact message from Charming Kitten. Right: Packrat phishing page

Generally, we’re not seeing an overall rise in phishing attacks by government-backed groups; this could be just a change in tactics. In fact, we saw a slight decrease in overall volumes in March compared to January and February. While it’s common to see some fluctuations in these numbers, it could be that attackers, just like many other organizations, are experiencing productivity lags and issues due to global lockdowns and quarantine efforts.

Accounts that received a “government-backed attacker” warning each month of 2020

When working to identify and prevent threats, we use a combination of internal investigative tools, information sharing with industry partners and law enforcement, as well as leads and intelligence from third-party researchers. To help support this broader security researcher community, Google is providing more than $200,000 in grants as part of a new Vulnerability Research Grant COVID-19 fund for Google VRP researchers who help identify various vulnerabilities.


As the world continues to respond to COVID-19, we expect to see new lures and schemes. Our teams continue to track these and stop them before they reach people—and we’ll continue to share new and interesting finding

Source: Google Blog
