
No, it is not true that 2.5 billion Gmail accounts are at risk: let's clarify

August 26, 2025

“2.5 billion Gmail accounts breached” is a perfect headline to push any internet user to click on an article. While scrolling through social networks or surfing online, you may have come across various articles with a similar screaming headline, feeding the idea of a massive attack against Gmail users all over the world. If you came across headlines of this type, you probably wondered whether your messages had ended up in the hands of cybercriminals. The short answer is no: there is no evidence of a direct compromise of Gmail accounts or of a massive theft of Gmail users' e-mails and passwords. The reality is different and concerns a limited incident involving a “vishing” attack against a Google supplier, not against the servers that store e-mail.

Google itself has published an official report explaining the technical details and playing down the alarm. But this does not mean that we can lower our guard and sleep peacefully: a criminal group, tracked under the designation UNC6040, did manage to steal company data through a social engineering attack, and that data can become useful material for vishing campaigns, a form of phishing carried out through fraudulent phone calls.

But let us reiterate: saying that 2.5 billion Gmail accounts are at risk is not correct. To begin with, at the time of writing, according to many estimates, Gmail has about 1.8 billion active users. And even if the cybercriminals attempted to scam every single Gmail user with a 1-minute phone call, they would need over 3,400 years to try to defraud everyone who has an account! Clearly, the numbers do not add up.

The real scale of the cyberattack

Let's look more closely at what happened and at the real scale of the attack. It all started when the criminal group known as UNC6040 convinced an employee of a Google partner, by telephone, to authorize an apparently legitimate OAuth application within Salesforce, the CRM (Customer Relationship Management) platform that “Big G” uses to manage various commercial customers and interactions. The attack was therefore carried out with the vishing technique, a blend of the words voice and phishing. Unlike classic phishing, which is carried out through a deceptive e-mail, vishing uses a real phone call. An apparently authoritative voice, for example a fake technical support technician, induces the victim to perform actions that seem trivial but that in fact open the door to the attackers. It is therefore not a matter of viruses or security flaws in the software, but of pure psychological manipulation.

The authorization granted by the employee who fell victim to the attack gave the criminals access to data held in the Salesforce environments, such as company contacts, interaction logs and other confidential information. The Gmail servers, however, were not breached, and no messages or credentials were stolen. The UNC6040 group specializes precisely in this type of scheme: it pretends to belong to the IT department, guides the victim step by step and has them authorize connected apps disguised as official tools. Once access is obtained, the stolen data can become the basis for subsequent blackmail. And this is where another well-known name comes into play: ShinyHunters. Some extortion e-mails sent to the victims carried this signature, and according to Google this is a distinct entity (called UNC6240), which steps in during the monetization phase, that is, when an actual ransom is demanded. This two-level scheme (with one actor handling the intrusion and another applying the economic pressure by demanding a Bitcoin payment within a set number of hours) is now increasingly widespread.

The good news, therefore, is that no Gmail account has been directly compromised. The bad news is that the data collected in Salesforce can nevertheless be exploited for extremely credible fraudulent campaigns. Think, for example, of an e-mail that seems to come from one of your colleagues, or a call that seems to come from some company's customer service, but which is actually a well-crafted bait built from that stolen information. Staying alert remains a crucial aspect of IT security at the individual and, above all, the corporate level.

Attack flow of the Salesforce Data Loader. Credit: Google.

How to defend yourself against vishing attempts

To defend yourself against vishing attacks and similar attempts that could originate from the data stolen from the Salesforce environments by the criminal group we have just discussed, you should follow at least these basic countermeasures:

  1. Use strong and unique passwords.
  2. Enable two-factor authentication (preferably with codes generated by dedicated authenticator apps rather than the classic OTPs sent via SMS, which are much less secure).
  3. Enable passkeys where possible.
  4. Never share information during calls of dubious origin, remembering that Google (like any other official body) does not contact its users through such means to report security problems.
