“Hack-And-Hire” firms create fake gmail accounts spoofing WHO to get users’ credentials
Google sent 1,755 warnings to potential victims of government-backed attackers
Google has noted a decrease in the overall volumes of government-backed attacks in March 2020
As countries reel under the grip of a killer virus, rising cybersecurity threats are emerging as another issue of concern. These attacks haven’t spared even the government.
Google Threat Analysis Group (TAG) report, published on May 27, highlighted that the tech giant has sent out 1,755 warnings to users whose accounts were targets of government-backed attackers. The body has seen new activities from “hack-and-hire” firms, many of which are based in India.
These firms create fake gmail accounts spoofing the World Health Organization (WHO), encouraging people to sign up for direct notifications from the world health body to stay informed about Covid-19 related announcements. Besides this, the emails are also linked to attacker-hosted websites that look very similar to WHO’s official website.
The fake websites feature “fake” login pages, which prompt users to reveal their Google account credentials and also encourage them to share other personal information like phone numbers. The attackers target business leaders in financial services, consulting and healthcare corporations across India, US, Slovenia, Canada, Bahrain, Cyprus, and the UK.
Google’s TAG works towards preventing government-backed phishing and hacking against Google and its users. In a blogpost, the body highlighted that it is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries.
In a previous report published on April 22, 2020, Google’s TAG had noted a dozen government-backed hacker groups carrying out cyberattacks exploiting the Covid-19 crisis by trying to get their targets to click malicious links and download files.
The body had highlighted that its systems had detected 18 Mn malware and phishing Gmail messages per day related to Covid-19, in addition to more than 240 Mn Covid-related daily spam messages. The report also added that its machine learning models have evolved to understand and filter these threats and TAG continues to block more than 99.9% of spam, phishing and malware from reaching its users.
However, the body maintained that it saw a slight decrease in overall volumes of government-backed attacks in March 2020, compared to January and February.
“While it’s not unusual to see some fluctuations in these numbers, it could be that attackers, just like many other organisations, are experiencing productivity lags and issues due to global lockdowns and quarantine efforts,” the report added.
The recent report has highlighted that the government-backed or state-sponsored groups have different goals in carrying out their attacks. Some are looking to collect intelligence or steal intellectual property, meanwhile others are targeting dissidents or activists, or attempting to engage in coordinated influence operations and disinformation campaigns.