Hackers prowl on Google products, SA among the targets

Read time 2min 20sec

On any given day, Google’s Threat Analysis Group tracks more than 270 targeted or government-backed attacker groups from more than 50 countries.

This warning comes on the back of increased cyber security threats locally. Since the COVID-19 nation-wide lockdown, there’s been a significant increase in the number of malware alerts in SA.

Google says last month, it sent 1 755 warnings globally to users whose accounts were targets of government-backed attackers.

SA was among the targets of government-backed phishing attempts in April; however, the hackers have mostly been luring business leaders in the US, Slovenia, Canada, India, Bahrain, Cyprus and the UK, the Internet search giant says.

It says hackers lure their targets in disguise of informing them of the latest COVID-19 announcements, and hack their personal and financial information.

In a blog post, Google says: “Our team of analysts and security experts is focused on identifying and stopping issues like phishing campaigns, zero-day vulnerabilities and hacking against Google, our products and our users.

“The lures themselves encourage individuals to sign up for direct notifications from the WHO [World Health Organisation] to stay informed of COVID-19-related announcements, and link to attacker-hosted Web sites that bear a strong resemblance to the official WHO Web site. The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers.

“Government-backed or state-sponsored groups have different goals in carrying out their attacks. Some are looking to collect intelligence or steal intellectual property; others are targeting dissidents or activists, or attempting to engage in coordinated influence operations and disinformation campaigns.”

Google notes its products are “designed with robust built-in security features, like Gmail protections against phishing and Safe Browsing in Chrome, but we still dedicate significant resources to developing new tools and technology to help identify, track and stop this kind of activity”.

In addition to its internal investigations, Google says it works with law enforcement, industry partners and third-parties like specialised security firms to assess and share intelligence.

Google says since March, it has removed more than a thousand YouTube channels that it believes to be part of a large campaign.

“These channels were mostly uploading spammy, non-political content, but a small subset posted primarily Chinese-language political content similar to the findings of a recent Graphika report,” it says.

See also