Search giant Google has warned users that their accounts may be “targetted” by state-sponsored cyber attacks and asked them to take immediate steps to protect their data.
In the official company blog, Google Vice President Security (Engineering) Eric Grosse said, “We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorised...Today, we are taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks”.
Many Gmail users have seen a warning message in a pink coloured bar saying, “We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.”
“When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs and put in place extra roadblocks to thwart these bad actors,” Grosse said.
In an emailed statement, a Google spokesperson said the warning was developed to supplement the company’s existing account security technologies and notifications.
“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information. And we will continue to update these notifications based on the latest information,” he added.
Grosse clarified that the warning message does not necessarily mean that the account has been hijacked. “It just means that we believe you may be a target, of phishing or malware...and that you should take immediate steps to secure your account,” he added.
Grosse did not elucidiate on how the company ascertains that this activity is state-sponsored.
According to Grosse, the company’s detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.
The warning comes amid increasing concerns about ‘Flame virus’ which has been spreading in the Middle East and indications of cyber warfare impacting the US and many other countries.
Grosse suggested that users should create a unique password mixing capital and lowercase letters, punctuation marks and numbers; enable 2-step verification as additional security; and update their browsers, operating systems, plugins, and document editors.
“Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google,” Grosse said.