Google last night admitted that the Gmail accounts of hundreds of its users have been targeted by Chinese hackers. Those hit include political activists as well as US military and political officials, in what appears to be a highly targeted phishing attack aimed at high value individuals.
Although Google has confirmed that it has notified all those affected, and that remedial action has been taken to secure their accounts, LogRhythm is warning that any information already captured by hackers could be harnessed for future attacks.
"Attacks like these allow hackers to capture a wealth of sensitive information, particularly passwords. Today's sophisticated hackers will re-use this information in an attempt to gain access to other accounts, both personal and corporate. Indeed if these Gmail users are using the same passwords at home as at work, hackers could already have the keys to the castle," said Ross Brewer, vice president and managing director for international markets, LogRhythm. "Organisations employing the victims of this latest hack need to be especially vigilant from here forward, monitoring their IT infrastructures for suspicious events that could signal that hackers have already infiltrated their networks.”
"By constantly monitoring the log data generated by every server, desktop, application and device on their networks, organisations can gain a thorough understanding of what their normal IT operations look like,” continued Brewer. “Any anomaly in this log data can be alerted on, helping organisations to immediately identify and prevent unwanted behaviour, for example, repeated attempts by a user to access classified files, or the transfer of information to an unauthorised location.”