Google Said That It Issued 40,000 Nation-State Cyber Warnings In 2019

01/04/2020

Google’s Threat Analysis Group (TAG) was created to protect the company and the people who use its services against government-backed hacking attacks.

Whenever it sees such an attack on its users, TAG sends a warning to notify the Google account holder that they have been targeted by such threat actors.

Google issued 40,000 of these warnings in 2019, according to a report from TAG security engineering manager Toni Gidwani.

In a blog post, Gidwani said that:

"In 2019, we sent almost 40,000 warnings, a nearly 25 percent drop from 2018. One reason for this decline is that our new protections are working—attackers' efforts have been slowed down and they’re more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt."
Distribution of the targets of government-backed phishing in 2019. (Credit: Google)

While a 25% drop is huge, Google also found that hackers have been leveraging new trends in recent months.

For example, in the beginning of 2020, Google saw a rising number of attacks from countries like Iran and North Korea, whose methods include impersonating news outlets and journalists. The attackers did this to share false stories with others and spread disinformation.

In other cases, the attackers send many benign emails to build a convincing rapport with journalists or foreign policy experts, before sending a malicious attachment in a follow-up email.

Government-backed attackers tend to target geopolitical rivals, government officials, journalists, dissidents and activists.

Gidwani said that in 2019, one in five accounts that received Google's TAG warning was targeted multiple times.

If the first attack doesn't succeed, the attacker will try again and again, using a different lure and a different account. The attacker may even try to compromise associates of the target in order to make their approach more convincing.

"We’ve yet to see people successfully phished if they participate in Google’s Advanced Protection Program (APP), even if they are repeatedly targeted. APP provides the strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts," Gidwani said.

Gidwani also said that TAG actively hunts for zero-day vulnerabilities, or software flaws.

These types of attacks are particularly dangerous because they have a high rate of success, although they account for only a small number of the overall attacks.

"When we find an attack that takes advantage of a zero-day vulnerability, we report the vulnerability to the vendor and give them seven days to patch or produce an advisory or we release an advisory ourselves," Gidwani explained. "We work across all platforms, and in 2019 TAG discovered zero-day vulnerabilities affecting Android, Chrome, iOS, Internet Explorer and Windows."

While TAG may not be able to stop opportunistic hackers from tricking people into downloading dangerous files or malware, the initiative does protect Google account holders from the evolving government-backed hacking campaigns that tend to be more sophisticated and advanced.

Google TAG's goal here is to bring awareness of these security issues upfront to users, and to help users fight bad actors by preventing possible future attacks.