Internet giant Google has suffered another cyber attack, reportedly at the hands of Chinese hackers, as software security firm Symantec issues yet another warning about online security.
Google said in a statement it has uncovered a new campaign to collect user passwords, in what appears to be a phishing attempt.
“This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists,” Google said.
In early 2010, Google recorded a massive hacking strike against software companies such as Adobe, which also sought to bring down the Gmail accounts of business officials and Chinese political activists.
The incident was deemed so serious that Google began seeking ways to leave the country and provide censor-free search results to the Chinese.
The purpose of the new attempt, according to Google, “seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings”.
“Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities.”
The news comes as Symantec releases its latest survey, showing two thirds of Australian businesses have experienced cyber attacks in the past 12 months, and 77% of those resulted in a loss for their business.
Steve Martin, Symantec director of SMB for the Asia Pacific, says the cost of these attacks is significant.
“One in five of those businesses targeted reported losses in excess of $100,000 combined with lost productivity, revenue, and so on,” he says.
According to the Symantec report, 21% of businesses say the frequency of these attacks is increasing.
“This has been the number one concern for businesses for awhile, but it’s becoming so by a wider margin. Cyber attacks have continued in their prevalence against Australian companies, and are becoming much more targeted on financial gains,” Martin says.
Martin says the associated costs of downtime, such as lost productivity and possible costs for recovering lost data, present a significant burden for any company hit with a cyber attack.
According to Martin, the key is to understand what data you have at your disposal and understand how to protect it effectively.
“You need to apply the appropriate level of protection for your business and ensure it’s safe. If you’re holding credit card information, and I’m holding personally identifiable information, I need to understand how to protect it effectively.”
“If I have intellectual property in my business, or business designs, or legal documents, you need to know exactly where that information resides, and make sure you have adequate protections there.”