Google Warning

Most email users are now well aware of the scams and attacks that flood inboxes daily.  Google has become so adept at identifying rogue messages that most are instantly filtered out before they reach customer accounts.  However, it seems now is not the time to let our guard down.  Hackers have recently executed a cyber-attack that bypasses Google's multi-factor authentication.  This means that cyber criminals could gain full access to accounts without the owner ever realizing something is amiss.[1]

The new attack was detected by security researchers at Google Threat Intelligence Group, who confirmed that targeted attacks have already occurred.  Google accounts are typically very secure, requiring users to use multiple methods to access services such as Gmail.  These often include two-factor authentication, which sends a message to a second device before a login is approved, reports the Express.  However, it appears that Russian cyber criminals have discovered a way to target older phones and other devices that can't handle this additional verification step.  Google provides something called app passwords, which are unique 16-digit codes designed to protect less modern devices.  Because app passwords bypass the second verification step, hackers can steal or phish them more easily.

According to Malwarebytes, the criminals used this method to target prominent academics and critics of Russia.  "The attackers initially made contact by posing as a State Department representative, inviting the target to a consultation in the setting of a private online conversation," Malwarebytes explained.  "While the target believes they are creating and sharing an app password to access a State Department platform in a secure way, they are actually giving the attacker full access to their Google account.  Now that this bypass is known, we can expect more social engineering attacks leveraging app-specific passwords in the future," Malwarebytes cautioned.

Malwarebytes has some key tips to keep your digital life secure:

  • Limit the use of app passwords. Transition toward more secure apps and devices whenever possible.
  • Even with MFA being crucial, not every method is equally reliable. Opt for authenticator apps or hardware security keys over less secure SMS-based verification or app passwords.
  • Stay informed and educate others on phishing scams. Attackers often trick users into exposing their credentials or app passwords despite using MFA.
  • Monitor for unusual login attempts or suspicious behavior, such as logins from unfamiliar locations or devices. Limit these logins where possible.
  • Regularly update your operating system and the apps you use to patch vulnerabilities that attackers might exploit. Enable automatic updates whenever possible so you don't have to remember yourself.
  • Utilize security software that can block malicious domains and recognize scams.

This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.msn.com/en-us/news/technology/google-issues-urgent-warning-to-anyone-who-uses-gmail-after-sophisticated-cyber-attack/ar-AA1HxlLo/ 
