Google accounts hacked: another taboo is broken

Security Awareness
25 January 2024
Google accounts at risk

Saying Google today means entering a world whose borders are difficult to see.
Some see it as a big brother in an Orwellian sense, a kind of entity that spies on our every move, knows our tastes, and collects our data.
The most optimistic consider the goals to be only economic, while for the doomsayers they are diabolical and seek the manipulation and control of the population.

On the other hand, there are the fanatics, who are totally addicted to it, taking advantage of all the possibilities and services that this search engine makes available today. In short, those who hand over to Google and all its offshoots the totality of their activities on the web, i.e., practically their lives, without making too much fuss, indeed happy to do so.

Here, especially for the latter, which includes, let’s face it, many of us who spend so many hours in front of a monitor, one of the latest pieces of malware we are hearing about, discovered by CloudSEK researchers, could be a serious concern.

The new threat

This is a new threat that puts users’ Google accounts at risk.
It does this by leveraging third-party cookies to gain unauthorised access to people’s private data, using a rather sophisticated method to circumvent defences.

Last October, a hacker revealed the details of the operation on a Telegram group, showing a vulnerability linked to cookies, elements used by websites and browsers to monitor the user experience.

The malware manages to recover Google’s authentication cookies, allowing criminals to bypass even two-factor authentication.

So once an account is compromised, attackers can maintain continuous access to Google services, even following a password change by the victim.

A rude awakening for the victims, who find themselves practically blocked on all fronts, both at work and in everyday activities.

CloudSEK researchers stated that malware that steals information by abusing this function will now steal more tokens from Google Chrome.

In addition to all authentication cookies for Google sites, these tokens also include a special token that can be used to update, or generate, new authentication tokens that replace expired ones, allowing access to accounts for a much longer period of time than normally permitted.

Google’s reaction

Google, on the other hand, downplayed the issue and reassured users in a statement issued to BleepingComputer:

“Attacks involving malware that steals cookies and tokens are not new; we regularly update our defences against these techniques to protect malware victims. In this case, Google has taken steps to secure all the compromised accounts identified”.

The search engine also proposes a solution that seems rather simplistic to some: suggesting that victims exit the Chrome browser or close all active sessions from the page.

“In the meantime – Google recommends – users should continue to remove any malware from their computer and activate the Enhanced Safe Browsing feature for your account in Chrome to protect against phishing and malware downloads”.

But the problem, according to some, is that most of the time, victims are unaware that they have been infected by this type of malware, at least until the abuse becomes apparent. It will therefore be difficult for them to know when to perform the various steps suggested by Google.

The case of Orange España

In this regard, the case of Orange España was reported. The second-largest Iberian mobile phone provider suffered an attack of this type on 3 January.

A cyber criminal managed to steal a company employee’s administration password for the network equipment, and then access the routing table that regulates the company’s traffic. However, no one noticed until the login details were used to access the company’s RIPE account.

According to information circulating on the net, Google claims to have identified the affected persons and to have warned them, but apart from that, it has so far taken no further steps to solve the problem.

It almost seems, but this is only an interpretation, that the California-based giant with its headquarters in Mountain View does not quite know which way to turn and is holding back in giving definite answers.

In this very nebulous and entangled situation, the only clear thing is that the danger of our Google accounts being tampered with, with serious consequences especially in the professional sphere, is quite real.
This not only gives cause for concern but also encourages us to be increasingly careful during our online activities.

The solution

Once again, apart from the usual recommendations to create strong passwords and store them correctly, the real and radical solution has only one name: top-quality training.

In order to pre-empt the moves of the criminals lurking around every virtual corner, companies must choose training platforms that are up to today’s challenge: to make their organisations immune to cyber-attacks and ready to defend themselves adequately at all times.
A goal that can be easily achieved if each employee is provided with the appropriate knowledge and training tools to recognise and manage any type of attack.

Only this can guarantee effective and long-lasting protection for the entire company.
