Protecting users from government-backed hacking and disinformation

News Saleb-,Newspapers are usually issued daily or weekly. Protecting users from government-backed hacking and disinformation, Magazine News weekly, but they also had a magazine format. Newspapers with common interests usually publish news articles and articles about national and international news as well as local news. These include news events and personalities of the political, business and finance, crime, weather, and natural hazards; health and medicine, science, and computers and technology; Sports; and entertainment, community, food and cuisine, apparel and home fashion, and the arts.

A wide range of materials have been published in newspapers. In addition to news,Protecting users from government-backed hacking and disinformation ,information and opinions expressed above, including weather forecasts; Criticism and reviews Arts (including literature, film, television, theater, art, and architecture) and local services such as a restaurant; obituaries, notices of birth and graduation announcements; Entertainment features such as crossword puzzles, horoscopes, editorial cartoons, jokes, cartoons and comics; Advice column, food, and other columns; and a list of radio and television (program schedule). In the year 2017, newspapers can also provide information about new movies and TV shows available on streaming video services such as Netflix. The newspaper has been classified ad section in which people and businesses can buy a small ad to sell goods or services; In the year 2013, a large increase in internet sites to sell goods, such as Craigslist and eBay have caused ad sales are much less classified for newspapers.Protecting users from government-backed hacking and disinformation Since 1983, it has been known mainly because of its annual report and rankings that influence in college and grad school, lies in most fields and subjects. U.s. News World Report is and academic institution is the oldest and most famous in America, [5] and covering the areas of business, law, medicine, engineering, social sciences, education and public affairs, in addition to many other areas. Print Edition] has consistently included in the list of national bestsellers, coupled with online subscriptions. Additional rankings published by U.s. News World Report and includes hospitals,Protecting users from government-backed hacking and disinformation, medical and specialty cars.
Protecting users from government-backed hacking and disinformation-News of the United States was founded in 1933 by David Lawrence (1888-1973), which also started the World Report in 1946. The two magazines are covering national and international news separately, but Lawrence combines them into news reports of U.S. in World and 1948 [1] and Later sold the magazine to its employees. Historically, this magazine tends to be a bit more conservative than the two main competitors, Time and Newsweek, and focus more on the story of economic, health, and education. It's also distancing news, entertainment and sports celebrities. [2] an important milestone in the history of the beginning of the magazine is including the introduction of the "Washington Whispers" column in 1934 and the column "News You Can Use" in 1952. [3] [4] in 1958, the circulation of the weekly magazine passed one million and two million in 1973. (wikipedia) Protecting users from government-backed hacking and disinformation

Google's Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and our users. This is an area we have invested in deeply for over a decade. Our daily work involves detecting and defeating threats, and warning targeted users and customers about the world’s most sophisticated adversaries, spanning the full range of Google products including Gmail, Drive and YouTube.

In the past, we’ve posted on issues like phishing campaigns, vulnerabilities and disinformation. Going forward, we’ll share more technical details and data about the threats we detect and how we counter them to advance the broader digital security discussion.

TAG tracks more than 270 targeted or government-backed groups from more than 50 countries. These groups have many goals including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber attacks, or spreading coordinated disinformation. We use the intelligence we gather to protect Google infrastructure as well as users targeted with malware or phishing.

Phishing

We’ve had a long-standing policy to send users warnings if we detect that they are the subject of state-sponsored phishing attempts, and have posted periodically about these before. From July to September 2019, we sent more than 12,000 warnings to users in 149 countries that they were targeted by government-backed attackers. This is consistent (+/-10%) with the number of warnings sent in the same period of 2018 and 2017.

govt backed phishing targets in q3 2019.png

Distribution of government-backed phishing targets in Q3 (Jul-Sep 2019)

Over 90 percent of these users were targeted via “credential phishing emails” similar to the example below. These are usually attempts to obtain the target’s password or other account credentials to hijack their account. We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts and now has more than 15,500 users. 


In the simple phishing example below, an attacker has sent a phishing email with a security alert lure from “Goolge” suggesting the user secure their account. The user clicks the link, enters their password, and may also get asked for a security code if they have two-factor authentication enabled, allowing the attacker to access their account.

sample gmail lure.png

Sample lure used to phish Gmail users

Threat detection

Last week at CyberwarCon, we presented analysis about previously undisclosed campaigns from a Russia-nexus threat group called “Sandworm” (also known as “Iridium”). It’s a useful example of the type of detailed threat detection work that TAG does. Although much of Sandworm’s activity targeting Ukraine and their attacks against the 2018 Winter Olympics have been covered publicly, some campaigns have not been reported. 

In December 2017, TAG discovered a series of campaigns from Sandworm attempting to deploy Android malware. The first campaign targeted users in South Korea, where Sandworm was modifying legitimate Android applications with malware. They then uploaded these modified apps to the Play Store using their own attacker-controlled developer accounts. During this campaign, Sandworm uploaded eight different apps to the Play Store, each with fewer than 10 total installs. 

malicious apps targeting users in south korea.png

Malicious apps targeting users in South Korea

We also identified an earlier September 2017 Android campaign from Sandworm where they used similar tactics and deployed a fake version of the UKR.net email app on the Play Store. This application had approximately 1,000 total installs. We worked with our colleagues on the Google Play Protect Team to write detections for this malware family, and eliminate it.

In November 2018, we saw evidence that Sandworm shifted from using attacker-controlled accounts to try and upload malicious apps to compromising legitimate developers. Throughout November, Sandworm targeted software and mobile app developers in Ukraine via spear phishing emails with malicious attachments. In at least one case, they compromised an app developer with several published Play Store apps—one with more than 200,000 installs. 

After compromising the developer, Sandworm built a backdoor in one of the legitimate apps and attempted to publish it on the Play Store. They did this by adding their implant code into the application package, signing the package with the compromised developer’s key, and then uploading it to the Play Store. However, the Google Play Protect team caught the attempt at the time of upload. As a result, no users were infected and we were able to re-secure the developer’s account.

Disinformation

TAG is one part of Google and YouTube’s broader efforts to tackle coordinated influence operations that attempt to game our services. We share relevant threat information on these campaigns with law enforcement and other tech companies. Here are some examples that have been reported recently that TAG worked on:

  • TAG recently took action against Russia-affiliated influence operations targeting several nations in Africa. The operations use inauthentic news outlets to disseminate messages promoting Russian interests in Africa. We have observed the use of local accounts and people to contribute to the operation, a tactic likely intended to make the content appear more genuine. Targeted countries included the Central African Republic, Sudan, Madagascar, and South Africa, and languages used included English, French, and Arabic. Activity on Google services was limited, but we enforced across our products swiftly. We terminated the associated Google accounts and 15 YouTube channels, and we continue to monitor this space. This discovery was consistent with recent observations and actions announced by Facebook. 

  • Consistent with a recent Bellingcat report, TAG identified a campaign targeting the Indonesian provinces Papua and West Papua with messaging in opposition to the Free Papua Movement. Google terminated one advertising account and 28 YouTube channels.

Partnerships

TAG works closely with other technology companies—including platforms and specialized security firms—to share intelligence and best practices. We also share threat information with law enforcement. And of course there are multiple teams at Google at work on these issues with whom we coordinate. 

Going forward, our goal is to give more updates on the attacks that TAG detects and stops. Our hope is that shining more light on these actors will be helpful to the security community, deter future attacks, and lead to better awareness and protections among high-risk targets.


by Shane HuntleyThreat Analysis Group via The Keyword

Title :Protecting users from government-backed hacking and disinformation
Source :Protecting users from government-backed hacking and disinformation

News Info:


Share on Facebook
Share on Twitter
Share on Google+

Related : Protecting users from government-backed hacking and disinformation

0 komentar:

Post a Comment