<img src="https://secure.leadforensics.com/23986.png" style="display:none;">
Skip to the main content.

3 min read

Gmail hackers: why MFA is central to securing your accounts

Today we’ll be examining the security issues that Google (more specifically Gmail) have faced over the past few months. As a renowned multinational technology company, Google employs one of the world's most advanced security infrastructures to keep users’ data and accounts safe. However, the platform has faced compromise in recent times, and users and businesses must ensure they are adhering to the strictest of security practices to protect their accounts.

One of the most effective methods for securing your personal and professional accounts is by implementing Multi Factor Authentication (MFA). As we’ve previously touched upon, MFA is a tool that largely removes the threat of password breaches, blocking up to 99.9% of cyber-attacks. As 80% of today’s security breaches are attributed to password attacks, MFA is the simplest method for your business to protect its users and data against attack.   

How has Gmail been compromised?

 

As highlighted by Forbes Magazine, Google has fallen foul of two state-level threat actors over the past 6 months, with the Google security team working to implement fixes and update users on potential threats. According to the magazine, ‘A newly published report from Google's Threat Analysis Group (TAG) has revealed that an espionage threat group it says is backed by the Iranian government has a new tool that has been used to successfully hack a small number of Gmail user accounts’.

The hackers have been using spoof attacks to convert email view to html, gaining entry to victims’ accounts. As recommended by Google and security experts around the globe, the best security protocol that can be implemented to curb the threat is the use of MFA. Weak passwords and Single-factor Authentication allow cybercriminals easy access to sensitive data and accounts, however, with multiple layers of security this task becomes incredibly difficult.

The second threat faced by Gmail users has been perpetrated by North Korean group ‘SharpTongue’. This hacking organisation have targeted specific users with the aim of gaining access to their Gmail accounts - in order to do so, they have deployed malware called SHARPTEXT, which ‘directly inspects and exfiltrates data’.

The best method for preventing such an attack is to ensure your systems are unbreached and well protected; centrally, users must update and patch systems regularly, whilst employing MFA on all online accounts.

It’s important to highlight that whilst these attacks may be scary to all Google users, they have been targeted at a minority whom these political threat actors wish to gain specific information from. It is extremely unlikely that the average business would face such specific threats, but the attacks have highlighted that watertight security is essential for all. If globally renowned platforms such as Google can fall foul of security breaches, businesses must ensure they are adhering to the strictest of cybersecurity policies.

How can my business use MFA to enhance security?

 

MFA is the number one strategy to ensure your employees are protected against password breaches and hack attempts on sensitive accounts. MFA protects against a number of attack styles, including but not limited to; phishing attacks; spear phishing attacks; keyloggers; credential stuffing; brute force attacks; and man-in-the-middle (MITM) attacks.

There are a number of further tangible benefits to your business adopting MFA:

 

  • MFA reduces identity theft and fraudulent attacks; cyberattacks are complex and have many moving parts. A phishing attack may often lay the groundwork for fraudulent access to critical systems. By enabling 2FA or MFA, hackers will no longer be able to access and compromise the data associated with the stolen credentials.  

 

  • MFA adds flexibility in the devices staff can use to access files; MFA can often allow businesses to reassess existing, and outdated, security measures. Allowing end-users the opportunity to access systems more flexibly.  

 

  • MFA can alert you to unsuccessful access attempts; many authentication tools can alert administrators or moderators of multiple unsuccessful login attempts. And better yet, they can often block accounts that are suspected of a breach.  

Implement MFA Now

 

Usually, modern applications offer or require the use of their inbuilt MFA systems, to enable MFA when logging in, simply go to the security settings for the desired app and look for the MFA (or 2FA) settings. This simple step will drastically increase the security of your accounts and data - and can be set up in under a minute.

If you require assistance in assessing the opportunities to implement business-wide MFA, or wish to conduct a more thorough cybersecurity review, then don’t hesitate to contact one of our experienced cyber experts today.

Click her to read more about our cybersecurity services.

The Cyber Essentials Framework: Revisited and Updated

The Cyber Essentials Framework: Revisited and Updated

Earlier this year we highlighted IASME’s announcement that the Cyber Essentials Framework would be changing in late February, anticipating how your...

Read More
Why Your Business Needs a VPN for Optimal Security and Flexibility

Why Your Business Needs a VPN for Optimal Security and Flexibility

If your business is looking to improve its cybersecurity posture whilst enhancing employee productivity and flexibility, then a corporate VPN may be...

Read More
Remaining Vigilant: Countering Phishing Threats

Remaining Vigilant: Countering Phishing Threats

As the world of cyber-security continues to develop and become more sophisticated, it remains important to ensure your employees are continuing to...

Read More