Google Search, Gmail, and Chrome Face State-Sponsored Attack Threats Again

By | Oct 10, 2012

Earlier this year in June, Google posted a statement visible to many users of its Google search, Gmail, and Chrome browser. Part of the unusual statement read: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

According to the New York Times, Mike Wiacek from Google's security team said that since Google started alerting users to state-sponsored threats three months ago, the company has collected intelligence information on the attack methods and the responsible groups behind them. Wiacek said Google was now using the information from this intelligence to warn thousands of users who might be vulnerable to the attacks.

On October 2, many users of Google search, Gmail, and Chrome in the U.S. started to report seeing the warning message. Several people expressed their confusion on Twitter, including prominent journalist and editor at Wired, Noah Schactman who sent out a tweet about the warning message.

Google says it is seeing a spike in state-sponsored attacks from the Middle East but declined to mention specific countries of origin. If this information is accurate, it would support recent trends of similar threats coming from Middle Eastern countries most notably Qatar, Bahrain, the UAE, and Iran, which is suspected to also use spyware for monitoring its own nationals abroad.

Midsize IT and the Unusual Problem of Cyber Terrorism

The recent hacking experience by major U.S. banks seems to follow this disturbing trend of cyber terrorism from the Middle East. The difference, however, is that typically, state-sponsored threats usually directly target large enterprises and government agencies while in this case individual consumer accounts seem to be the focus.

To save money on in-house IT infrastructure, thousands of midsize firms use business application and cloud services from vendors like Google. Now that these threats are also focusing on individual accounts through a big vendor like Google, it is far easier for the hackers to attack thousands of small and midsize businesses using Google services, as opposed to directly attacking only a few large companies.

For midsize IT this raises concerns about third-party applications and cloud services, even those provided by well-established vendors like Google. While the use of third-party applications is almost unavoidable for midsize businesses in this day and age, absolute faith in the security of popular vendor services is a grave mistake.

Regardless of what third-party applications are used, midsize IT is ultimately responsible for IT security at a firm. The spate of cyber terrorism targeting businesses and the globalized nature of the business environment today means that, more than ever, midsize IT will be called upon to tackle complex security issues like those emanating from the other side of the globe.

This trend serves as a reminder to midsize IT managers that in the name of cost-savings, third-party applications should never replace in-house platforms used for sensitive processes. Firms must always maintain control over sensitive information and processes for as long as is feasible.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...