10,000 “High Risk” Targets of Nation-State Hacking Groups Get USB Security Keys From Google
Thursday, October 14, 2021
In 2017 Google launched its Advanced Protection Program targeted at higher-risk users of its platform that are likely to be tested by overseas hackers due to the nature of their work. This includes the software that Google uses to scan Play Store apps for malware before they go live, a stronger multi-factor authentication process, and certain account feature restrictions designed to trade some functionality for necessary security. Part of the intent of the giveaway of USB security keys is to raise awareness of the program among its target demographic. The program is free and is available to anyone, but is not necessarily recommended for all Google accounts as it can hamper access to some services.
Ilia Kolochenko, Founder/CEO and Chief Architect of ImmuniWeb, believes that this is a model that other major tech companies should adopt. However, he also points out that even hardware-based 2FA does not make one immune to hacking or to breach of stored data: “This laudable effort by Google should inspire other IT giants to share their knowledge and resources with the most vulnerable people who truly need them. Sadly, many of the targeted or would-be victims are chased by professional cyber-mercenaries and sophisticated state-backed hacking groups. The shrewd threat actors will likely have no difficulty accessing the victims’ data while it resides in the device’s memory in an unencrypted format, successfully bypassing MFA and other security controls. Moreover, the data oftentimes resides in several locations, for example, journalists frequently receive valuable reports and hints from whistleblowers who will now likely become the new target of cybercriminals. Furthermore, virtually any data is backed up or otherwise shared across several organizations, such as IT vendors or accountants, who will now fall victims to unscrupulous cyber gangs. Finally, in many countries that have poor protection of civil liberties, the victims may easily end up in jail for refusal to unlock their devices or cooperate with judicial authorities. Nonetheless, the ongoing efforts undertaken by Google are certainly better than non-feasance and will definitely prevent some cyber attacks.”
The 10,000 free USB security keys will be distributed over the remainder of 2021 by several partner organizations, such as the International Foundation for Electoral Systems (IFES) and Defending Digital Campaigns (DCC). These groups will focus on particular organizations and industries that they work with. Read Full Article
TechRadar: Apple says side-loading apps could lead to iPhone security disaster
BankInfoSecurity: Microsoft Says It Mitigated Largest-Ever DDoS Attack