Google Reports Resurgence In Pandemic Hacking, Phishing

Google’s security experts had their hands full in April, as its Threat Analysis Group (TAG) emailed 1,755 warnings to users whose accounts were targets, the California-based global technology company wrote on its blog Thursday (May 27).

These threats reflect a resurgence in hacking and phishing attempts by cyber criminals as the commercial and government-backed attackers try to seize opportunities for scams amid the COVID-19 pandemic, Google wrote.

Some thieves appear to be seeking to steal intelligence or intellectual property while others target dissidents or activists, or attempt to engage in coordinated influence operations and disinformation campaigns, Google wrote.

“We continue to see attacks from groups like Charming Kitten on medical and healthcare professionals, including World Health Organization (WHO) employees,” according to the blog.

Google said TAG has identified the latest threats from more than a dozen government-backed “hack-for-hire” firms attempting to use the pandemic to phish and add malware to computers. The at-risk accounts include leaders in financial services, consultants, and healthcare corporations in the U.S., Slovenia, Canada, India, Bahrain, Cyprus, and the U.K. These hackers encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements, and link to attacker-hosted websites that look strikingly like the official WHO website. They feature faux login pages that prompt potential victims to provide their Google account credentials, and encourage them to give up other personal information, Google wrote.

“Since March, we’ve removed more than a thousand YouTube channels that we believe to be part of a large campaign and that were behaving in a coordinated manner,” the blog post said. “These channels were mostly uploading spammy, non-political content, but a small subset posted primarily Chinese-language political content similar to the findings of a recent Graphika report.”

The 28-page survey revealed a pro-Chinese cross-platform political spam network that Graphika has dubbed “Spamouflage Dragon​” has emerged, ​establishing new accounts and reactivating dormant ones to post about Hong Kong politics, Chinese regime critics and the Chinese response to COVID-19.

Google said it has deployed its Advanced Protection Program (APP) to help protect high-risk accounts against these such attempts with its hardware security keys. Google said it provides the strongest protections available against phishing and account hijackings. APP was designed specifically for high-risk accounts.

In addition, Google wrote that its products contain built-in security features, such as Gmail protections against phishing and browsing in Chrome. They vowed to use “significant resources” to develop new tools and technology to help identify, track and stop this kind of activity.

Google said it also works with law enforcement, industry partners, and third parties like specialized security firms to assess and share intelligence.