Skip to content
Naked Security Naked Security

Google ramps up G Suite protections against government-backed attacks

Security alerts become opt-out by default from 10 October because so few admins opted in.

G Suite admins: If you’re worried about your company being targeted by a foreign government, Google believes it has the solution for you. The company switches on a security alert feature by default that notifies administrators if users are being attacked by nation state actors.
The feature, originally launched as an option in August, triggers if Google believes that a user’s account has been targeted by a government-backed attack. If Google detects activity that it thinks stems from a malicious government, it will now notify G Suite administrators by default.
The company doesn’t explicitly say how it identifies a government-backed attacker, but says that people may be notified if they received emails containing harmful attachments, links to malicious software downloads, or links to fake websites designed to phish their information.
From Google’s support site:

We can’t reveal what tipped us off because the attackers will take note and change their tactics.

Google said that it will make the feature default starting tomorrow (10 October) because it heard that many administrators were not aware of the alert and missing out on critical information.
Fewer than 0.1% of all Google account owners suffer from such an attack, according to the company’s figures. Admins can still opt out of the service if they wish.
One famous example of a nation state actor targeting a Gmail account was in 2016, when attackers phished the email of Hillary Clinton’s campaign chairman John Podesta.
Attackers sent an email purportedly from Google warning him about an attempted campaign takeover, and when he queried a campaign aide about the email, he was mistakenly told that the email was legitimate, causing him to click on the malicious link therein. Shortly afterwards, hackers pilfered at least 50,000 emails from his account, which subsequently turned up on Wikileaks. Cybersecurity researchers and US government officials linked the attack to Russia-backed hackers.

G Suite is Google’s online enterprise application service for businesses, and rivals Microsoft’s Office 365. It offers Gmail, Google Docs, Google Drive, and the company’s calendar system for businesses to collaborate with each other.

Also, new Mobile Management features

Last week, Google also launched extra features in Mobile Management, a system included as part of the G Suite service that enables a central administrator to look after managed phones from a central administrative console.
As of this month, admins can now remotely reset passwords on a company-owned Android smartphone, or lock the device entirely. Google announced the new features in a blog post on 1 October, adding that the features might not appear on all accounts until the start of next week.
Admins with Mobile Management enabled were already able to take some protective measures to secure users’ mobile devices. They could force smart phones to have a screen lock, for example, and they could also remotely wipe devices that were lost or stolen. The new features take the security protections up a notch.
The new features cannot be imposed on personal phones without a user’s consent. They can only be used on Android devices to which a company has been assigned ownership, which must be done on brand new or factory reset devices. They will be useful when a user loses their mobile device or has it stolen, and it will also enable administrators to unlock phones when users forget their login credentials.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!