Google Will Now Alert G Suite Admins When Accounts Are Targeted by Government-Backed Attackers
Google has today announced adding a new feature to alert G Suite administrators when the company suspects a government-backed threat actor has targeted their account. The company has been warning its users against these highly sophisticated attacks since at least 2012, however, this feature is now being added to alert G Suite administrators.
"We’re adding a feature in the Admin console that can alert admins if we believe a user’s account has been targeted by a government-backed attack," the company wrote this evening. "If an admin chooses to turn the feature on, an email alert (to admins) is triggered when we believe a government-backed attacker has likely attempted to access a user’s account or computer through phishing, malware, or another method."
Google has repeatedly said both today and in the past that these alerts do not mean that the account has been compromised. It is simply sent when the company detects an attack is being launched in a way that is consistent with a government-backed threat actor. Google will never inform its users which government it believes the attack is being launched from. The company said these alerts are only meant to inform at-risk users who can then strengthen their security measures (here are some tips).
How can G Suite admins receive these alerts from Google
Google said that by default the alerts are off and can be enabled by the admins. You can do so by:
- Heading over to the Admin Console > Reports > Manage Alerts > Government backed attack
Once here, admins have the control over who gets notified when these attacks are suspected. Admins can also configure what actions should be taken once such an attack is detected. For example, they may want to let the user know about the alert, reset the password, enable two factor authentication, or set up a physical security key.
The company's announcement comes on the heels of Microsoft's announcement of launching a pilot program to offer security protections to election campaigns and authorities. Only a few hours earlier, Reddit also disclosed a security breach that was made possible through compromising employee accounts. While it isn't immediately clear if a government-backed attacker was behind that particular hack (unlikely), there is no doubt that employee accounts need better security measures than what the companies are currently employing.