Google says no APP users have been phished to date

Google touted today the impressive features of its Advanced Protection Program (APP), revealing that no user who signed up for the program has been phished to date, even if repeatedly targeted.

The Advanced Protection Program (APP) is a special program offered by Google that includes extra security protections that are not available to regular Gmail users.

The program was launched in the fall of 2017, and it was initially made available to high-risk users, such as politicians, journalists, activists, or known business people.

Since its launch, the program has been made broadly available, and any Google user can sign up for APP today. The only condition is that users own a hardware security key or a modern smartphone, which Google will enroll in its APP program and use to cryptographically verify and authenticate all login operations.

Over the past three years, this enhanced security feature has prevented hackers from gaining access to any APP-protected Google accounts.

This has made APP a must-enable feature for Google users who are regularly the targets of advanced phishing attempts, like those carried out by state-sponsored hackers.

In a blog post today detailing Google’s actions against state-sponsored operations, Toni Gidwani, a Security Engineering Manager for Google’s elite hacker-hunting unit — the Threat Analysis Group (TAG) — said the APP has been extremely successful at stopping these advanced phishing attempts and the subsequent account compromises.

Google sent 20k alerts about state-sponsored attacks

Summarizing last year’s state-sponsored hacking operations, Gidwani said that Google has sent out more than 40,000 alerts to users in 2019 about state-sponsored hackers targeting their accounts with malware or phishing links.

Gidwani said the number was down 25% from 2018, but that attacks are now using more sophisticated techniques to target users, opting for trickery instead of bulk operations.

The trick that saw a significant rise in detections was the one where state-sponsored hackers posed as news outlets and journalists in order to get victims to drop their guard. Of the more than 270 government-backed hacking groups Google TAG tracks across more than 50 countries, Iranian and North Korean hackers were the ones fond of this particular lure.

But Gidwani said that Google TAG didn’t only track phishing attempts. They also tracked malware that exploited zero-days — bugs unknown to their vendor and without a patch.

Per the TAG team, 2019 was a busy year, with its members finding state-sponsored groups exploiting zero-days affecting Android, Chrome, iOS, Internet Explorer and Windows.

Of all the state-sponsored groups, one in particular was more proficient than the rest, exploiting five zero-days while attacking targets from North Korea or individuals who worked on North Korea-related issues.