Today we’ll be examining the security issues that Google (more specifically Gmail) have faced over the past few months. As a renowned multinational technology company, Google employs one of the world's most advanced security infrastructures to keep users’ data and accounts safe. However, the platform has faced compromise in recent times, and users and businesses must ensure they are adhering to the strictest of security practices to protect their accounts.
One of the most effective methods for securing your personal and professional accounts is by implementing Multi Factor Authentication (MFA). As we’ve previously touched upon, MFA is a tool that largely removes the threat of password breaches, blocking up to 99.9% of cyber-attacks. As 80% of today’s security breaches are attributed to password attacks, MFA is the simplest method for your business to protect its users and data against attack.
As highlighted by Forbes Magazine, Google has fallen foul of two state-level threat actors over the past 6 months, with the Google security team working to implement fixes and update users on potential threats. According to the magazine, ‘A newly published report from Google's Threat Analysis Group (TAG) has revealed that an espionage threat group it says is backed by the Iranian government has a new tool that has been used to successfully hack a small number of Gmail user accounts’.
The hackers have been using spoof attacks to convert email view to html, gaining entry to victims’ accounts. As recommended by Google and security experts around the globe, the best security protocol that can be implemented to curb the threat is the use of MFA. Weak passwords and Single-factor Authentication allow cybercriminals easy access to sensitive data and accounts, however, with multiple layers of security this task becomes incredibly difficult.
The second threat faced by Gmail users has been perpetrated by North Korean group ‘SharpTongue’. This hacking organisation have targeted specific users with the aim of gaining access to their Gmail accounts - in order to do so, they have deployed malware called SHARPTEXT, which ‘directly inspects and exfiltrates data’.
The best method for preventing such an attack is to ensure your systems are unbreached and well protected; centrally, users must update and patch systems regularly, whilst employing MFA on all online accounts.
It’s important to highlight that whilst these attacks may be scary to all Google users, they have been targeted at a minority whom these political threat actors wish to gain specific information from. It is extremely unlikely that the average business would face such specific threats, but the attacks have highlighted that watertight security is essential for all. If globally renowned platforms such as Google can fall foul of security breaches, businesses must ensure they are adhering to the strictest of cybersecurity policies.
MFA is the number one strategy to ensure your employees are protected against password breaches and hack attempts on sensitive accounts. MFA protects against a number of attack styles, including but not limited to; phishing attacks; spear phishing attacks; keyloggers; credential stuffing; brute force attacks; and man-in-the-middle (MITM) attacks.
There are a number of further tangible benefits to your business adopting MFA:
Usually, modern applications offer or require the use of their inbuilt MFA systems, to enable MFA when logging in, simply go to the security settings for the desired app and look for the MFA (or 2FA) settings. This simple step will drastically increase the security of your accounts and data - and can be set up in under a minute.
If you require assistance in assessing the opportunities to implement business-wide MFA, or wish to conduct a more thorough cybersecurity review, then don’t hesitate to contact one of our experienced cyber experts today.
Click her to read more about our cybersecurity services.