As if we didn't have enough to worry about with a steady increase in cybercrime, cyberwarfare is coming to your Gmail account. Unfortunately, this is not an exaggeration. In a blog post this week, Google’s Vice President of Security Engineering announced that their Gmail client will now alert users when their account is threatened by a state-sponsored attack.
Grosse emphasized in the blog post that receiving a warning does not necessarily mean that your account has been compromised. Rather, it means that Google believes a malicious agent working for a government is trying to access your account through methods including phishing or redirects to malicious websites.
Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors. [Google]
The blog post said that while Google will not reveal what criteria or evidence will be used to determine whether an attacker is a typical cybercriminal or a state-sponsored organization, it should be noted that attacks perpetrated by states tend to target specific individuals or companies in attempts to acquire sensitive information. Typical phishing attempts tend to use broader brush strokes, attacking anyone who might be vulnerable.
Although it might be slightly unsettling to see state-level espionage brought to the user level, this is not the first time Google has sparred with national governments. In 2010 Google threatened to pull out of China entirely after a massive Chinese state-sponsored attack targeted dissidents’ Gmail accounts.