fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Sent 50,000 Warnings Of State-Sponsored Attacks In 2021

Google Sent 50,000 Warnings Of State-Sponsored Attacks In 2021

Google said today that it sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021, a considerable increase compared to the previous year.

“So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020,” said Ajax Bash, a Google security engineer working with the company’s Threat Analysis Group (TAG).

“On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings.”

Google sends government-backed attack alerts when detecting phishing attempts, brute-force attacks, malware delivery attempts launched from infrastructure linked to known government-sponsored threat groups.

Also Read: New Licensing Requirements For Cyber-Security Service Providers in 2022

According to Bash, these warnings are intentionally delivered in large batches instead of real-time to ensure the threat actors can’t figure out defense algorithms and strategies.

The company has been warning Google users of such attacks since 2012, an alert system redesigned in 2017 and revamped with added info on the potential attack vector as seen in recent alerts sent in September.

Image: Barton Gellman

Russian and Iranian threat actors stand out 

This year, the most notable campaigns targeting Google users were coordinated by the Russian-backed APT28 (aka Fancy Bear) hacking group linked to the GRU Russian military intelligence agency and APT35 (aka Charming Kitten), an Iranian threat actor active since at least 2014.

The first was behind a large-scale phishing campaign accounting for 86% of all state-backed activity alerts delivered in September, with Google warning 14,000 users that their accounts were directly targeted.

Shane Huntley, Director of Google’s Threat Analysis Group, said these warnings are commonly sent to activists, journalists, government officials, or people working in national security structures because they’re the ones targeted by government-backed entities.

Also Read: A Closer Look: The Personal Information Protection Law in China

All phishing emails sent in this massive Fancy Bear campaign were blocked by Gmail and didn’t make it in the targets’ inboxes, as they were automatically classified as spam.

APT35 also had a very active year, hijacking accounts, deploying malware, and coordinating espionage campaigns to collect confidential info for the Iranian government.

In early 2021, the Iranian hacking group used a compromised site affiliated with a UK university to target Gmail, Hotmail, and Yahoo users, asking them to log in using their credentials to attend a fake webinar.

APT35-compromised site
APT35-compromised site used for credential theft (Google TAG)

Google also observed them trying to deliver spyware onto potential victims’ smartphones using malicious apps disguised as legitimate VPN software distributed via the Google Play Store and third-party platforms between May 2020 and July 2021.

They also impersonated Munich Security and Think-20 (T20) Italy conference officials in phishing campaigns using multiple redirects via Dropbox, Google Drive, App Scripts, Google Sites, and various Microsoft services pages to bypass detection.

“Thousands of these warnings are sent every month, even in cases where the corresponding attack is blocked. If you receive a warning it does not mean your account has been compromised, it means you have been identified as a target,” Bash added.

“Users are encouraged to take these warnings seriously and consider enrolling in the Advanced Protection Program or enabling two-factor authentication if they haven’t already.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us