Hackers Target Thousands of GMails


For four years, Google has been notifying Gmail customers when they come under attack from hackers who may be working for foreign governments. The company has long remained vague about the way it detects and identifies these hackers, “we can’t reveal the tip-off,” the company tells users, and about the number of notifications it routinely sends. Until now.

When these warnings were introduced, they appeared as thin red bars tacked to the top of users’ inboxes. But just a few months ago, Google redesigned the notifications to be considerably more in-your-face: Now, they take up the entire screen, announcing themselves with an angry red flag. “Government-backed hackers may be trying to steal your password,” the alert reads, advising users to enable two-factor authentication.

The new alert says that fewer than one in a thousand Gmail users are targeted by foreign hackers—but for a product with more than a billion active users, that could still be a really big number. (0.1 percent of 1 billion is 1 million.)

Recently Google provided its most precise estimate ever of the number of cyberattacks it detects that target Gmail users. Speaking at Fortune’s Brainstorm Tech conference in Aspen, Colorado, Google Senior Vice President Diane Greene said the company notifies 4,000 users each month of state-sponsored cyber-attacks, Reuters reported.

Google began delivering notifications about state-sponsored hacking attempts long before its peers, but starting last year, Microsoft, Twitter, Facebook, and Yahoo said they would send similar notifications to their compromised users as well.

Intelligence officials have repeatedly identified state-sponsored hacking as one of the foremost threats to the US in speeches and congressional hearings. In a “worldwide threat assessment” delivered to the Senate Armed Services Committee last year, James Clapper, the director of national intelligence, said that cyberattacks are “increasing in frequency, scale, sophistication and severity of impact.”

The Justice Department has aggressively brought charges against several groups of state-sponsored hackers this year, adding two Syrians and seven Iranians to the FBI’s most wanted list for cybercrime in the span of weeks. With its campaign to “name and shame” the hackers, the FBI says it wants to hold countries that support hackers accountable.

Google’s notifications, like those of its peers, don’t name the country where the suspected cyberattacks come from. But if the notifications get recipients to change passwords and activate two-factor authentication, the hackers behind them could find their jobs getting a little harder.

NextGov:

« Retail Banks Will be Dead Within A Decade
Industrialisation Of Cybercrime Is Disrupting Business »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

Pelion IoT

Pelion IoT

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Complete Cyber

Complete Cyber

Complete Cyber provide professional cybersecurity services and products to help secure your infrastructure, systems and data.