In June this year, Google began issuing warnings to users whose accounts it suspected had been compromised due to state-sponsored attacks. A post on New York Times blog now reveals that tens of thousands of users have been spotting the warning on their Gmail inbox, Google homepage or Chrome browser, since Google suspects their accounts of being hit by malware, which may be state-sponsored. The post shares that since Google began informing users of its suspicion, it has found more and varied instances of state-initiated attacks on Google account users.
Forewarned is forearmed
In an interview, Mike Wiacek, a manager on Google’s information security team, shared that since June, the company has had information pertaining to attack methods and about the groups deploying them. Wiacek said that the company was “using that information to warn “tens of thousands of new users” that they may have been targets…”
In fact, the blog goes on to state further that several users who spotted a 'state-sponsored attack' warning voiced their concerns on Twitter. Quoting Noah Schactman's, the editor of Wired’s national security blog Danger Room, tweeted, “Aaaaand I just got Google’s ‘you may be a victim of a state-sponsored attack’ notice. #WhatTookYouSoLong?”
Daveed Gartenstein-Ross, a senior fellow at the Foundation for Defense of Democracies, reportedly also spotted the warning.
Google's Wiacek shared that the company noticed a rise in state-sponsored activity coming from the Middle East. While refraining from being specific about the names, he added that such activity had been spotted coming from “a slew of different countries”.
When Google began issuing these warnings in June, Eric Grosse, VP Security Engineering, had highlighted that a warning appearing, such as one in the image below does not necessarily mean that the user’s account has been tampered with, but means that Google believes that that particular user account may be a target of malware or phishing and that the user should take steps immediately to protect his account.
Taking it further, Google advises that in case a user who finds such a warning should:
- Create a unique password, i.e., one with a good mix of uppercase and lowercase letters, as well punctuation marks and numbers;
- Enable 2-step verification as additional security;
- Update the browser, operating system, plugins, and document editors.
The official post also educates readers about the fact that most times, attackers send links to fake sign-in pages attempting to steal a user’s password, and hence a user ought to be careful about where he signs into Google and look out for the https://accounts.google.com/ in his browser bar. The post, however immediately adds in, “These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.”