Administrators of Google’s G Suite collection of cloud-hosted productivity apps can now get alerts from Google of potential government-backed attempts to break into their account.
The company has added a new feature to the administration console in G Suite that will trigger an email alert to enterprise customers any time Google’s threat-detection system detects activity that might be related to a government-backed cyber-attack on users’ computers or accounts.
The feature is entirely optional. Administrators can choose to disable it or they can set it to send default notifications to specified users in their organization. When the feature is first activated, the default setting is for the alerts to be sent via email to the primary administrator for G Suite, according to an August 1 announcement on the G Suite Updates blog.
But administrators can change the default setting to specify who in their organization gets notified about the alerts.
The goal in sending out the alerts is to let administrators know about any suspicious activity that is typically associated with nation-states that are targeting G Suite users so they can take steps to secure potentially impacted accounts.
Examples of suspicious activity include a Google Account user receiving phishing emails or messages with particular types of malicious attachments or with links directing them to malicious websites designed to steal their passwords.
Google’s recommended actions for administrators include resetting user account passwords or, if needed, adding a second factor to authenticate users.
“We send the alert to let you know that we believe government-backed attackers are trying to access the account of one of your users,” Google said in a webpage explaining the alerts. Such attacks happen to less than 0.1 percent of Google account users, so there is a chance that an alert could be a false alarm, the company has noted.
Google, however, will not reveal what might have tipped the company off to the suspicious activity, in order to prevent attackers from finding ways around the company’s detection mechanisms.
Google has been warning individual Gmail users since 2012 about any malicious activity targeting their accounts that the company believes may be the work of government-backed attackers. Now this service is being integrated into the G Suite admin console.
Shane Huntley, a member of Google’s Threat Analysis Group, in a blog post last year described the effort as being driven by an “abundance of caution”. The notice does not necessarily mean that an organization is being attacked or that a Google account has been compromised, Huntley had emphasized at the time.
The notice merely reflects Google’s own assessment of the activity based on prior knowledge of the methods and tactics used by government-backed attackers. For example, such attackers have been known to send certain types of PDF files, Office documents and compressed archive files, the company has said.
The Gmail warning that Google has been sending to individual users has included personalized guidance on securing their accounts. The company’s policy is to often send a whole batch of emails out to at-risk groups at the same time to make it harder for attackers to guess what might specifically have tipped off the company to their activity.