Google's Threat Analysis Group (TAG) reported that it delivered thousands of alerts about government-backed attempts to spearphish Gmail users over just a three-month period earlier this year.
TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog post, you can see that most were located in the US, South Korea, Pakistan and Vietnam.
“Over 90% of these users were targeted via ‘credential phishing emails’ ... attempts to obtain the target’s password or other account credentials to hijack their account,” he added.
“We encourage high-risk users — like journalists, human rights activists, and political campaigns — to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts.”
Google's TAG tracks over 270 targeted and government-backed threat groups across 50+ countries in an attempt to detect a variety of dodgy activities like intel collection, IP theft, targeting of dissidents and activists, destructive cyber-attacks, and spreading coordinated disinformation.
Huntley also detailed efforts to detect and remove coordinated influence operations by Russian state hackers in Africa using “inauthentic news outlets to disseminate messages promoting Russian interests in Africa.” A total of 15 YouTube channels were removed as a result.
KnowBe4 would add that stepping high-risk users through new-school security awareness training is an absolute necessity in any organization's defense-in-depth strategy.