back to article Google advises passwords are good, spear phishing is bad, and free clouds get attacked

Google's Cybersecurity Action Team has released its first "threat horizon" report on the scary things it's found on the internet. The advertising giant launched the Team in October 2021, when execs said its ambition was to become "the world's premier security advisory team" and dispense advice that will improve cyber …

  1. Kevin McMurtrie Silver badge

    Is this a joke?

    Does Google even have a working means of reporting Gmail phishing, GCP hosted hacking and fake stores, trojan horse Play Store apps, Google Calendar hacks, Google Photos hacks, Google Groups scammers, ...

    No.

    If it hurts competitors more than Google, Google says everyone else needs to do better.

    1. Martin Gregorie Silver badge

      Re: Is this a joke?

      I know Google will think this is blasphemy, but they really, really should try eating their own dogfood.

      For the last month or so spam from Gmail, containing dodgy attachments and thinly disguised as sex come-ons, has been arriving in my mailbox. It forms almost 100% of all the spam I receive: unlike the usual unwanted adverts from people I've dealt with in the past and will probably deal with again, multiple copies of this Googleshite turn up every day.

      Its a complete waste of Joe Thicko Spammer's time, of course, because this crap is pathetically easy for Spam Assassin to recognize and discard. SA rules I've been using for years deal it without me needing to change anything.

    2. Anonymous Coward
      Anonymous Coward

      Re: Does Google even have a working means of reporting Gmail phishing

      No.

      I get getting a *lot* of spam *from* Gmail addresses and/or stating a Gmail address to contact the poor guy who wants to send me some million US AMERICAN DOLLARS.

      If those are sent to my Gmail account they are flagged as SPAM. Otherwise, there is no way to report those accounts. So if I want to be SPAM free I should use only my Gmail account, capisce?

  2. Anonymous Coward
    Anonymous Coward

    Maybe this isn't so bad.

    These things may seem obvious to us, but it seems like some people still don't have a clue. When the "obvious" is the biggest attack vector, it seems logical to address it first.

    1. fredblogggs

      Re: Maybe this isn't so bad.

      Was thinking exactly the same, even as I very much enjoyed the humour. Of course all this is dreadfully obvious... and equally obvious is that fact that despite having been able to read exactly the same advice from every imaginable source for the past decade or more, people still don't bother to take even the simplest and least invasive precautions analogous to keeping their homes' doors closed when they've stepped out (never mind locking them). Although criminal actors will undoubtedly raise their game if everyone did, there would still be less of this sort of crime overall as the laziest and least competent criminals would be forced to the sidelines and the remainder forced to work harder.

      I don't know why Google are bothering, though; their company's brand is so untrustworthy that it's impossible to imagine anyone who has ignored the likes of CERT, IEEE, The New York Times, and the Bank of England is going to read this Google report and suddenly decide to implement rudimentary security measures. For the rest of us who might have welcomed a serious threat intelligence report, Google are more likely to be included in the threat model than the solution space. As the saying goes, they're more on the supply side of crime. Accordingly, they've left out an equally obvious and important aspect of information security they'd rather you not consider: choosing your tools and suppliers wisely.

  3. Chris G Silver badge

    Judging by the advice they give, I am assuming that G CAT is aimed more at the unwashed masses than the likes of Reg readers which is why it has tabloid quality information.

    1. zuckzuckgo Bronze badge

      The information from Google may lack insight but appears to be at least accurate, which puts it slightly above the tabloids. Current party excepted of course.

  4. Giles C Silver badge

    Best line in the article

    Good job I wasn’t having a drink when I read this

    Which clears things up nicely. We thought ransomware was brought by a stork

  5. Detective Emil
    Black Helicopters

    Because of stuff like this [New York Times], I'm very wary of security advice from spying organizations — among which I number Google.

  6. YetAnotherJoeBlow Bronze badge

    Only from...

    I thought that Google was to be reporting actionable intelligence not common attack vectors.

  7. Doctor Syntax Silver badge

    "We're not sure Reg readers could have figured out that authentication and security are good ideas all on their own."

    It may not be so obvious to those bypassing their IT departments. IT are so fussy about such things.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021