The Advanced Protection Program aims at protecting users with high visibility and sensitive information (i.e. activists, journalists, and political parties), who are exposed to the risk of targeted attacks. Google announced an improved malware protection.
In March, Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. The good news is that the APP initiative was able to protect all its participants.
“We’ve yet to see people successfully phished if they participate in Google’s Advanced Protection Program (APP), even if they are repeatedly targeted. APP provides the strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts.” continues the post.
APP prevents unauthorized access to enrolled users’ accounts, provides extra protection from harmful downloads, and secures the users’ info.
The program provides specific protection against phishing campaigns targeting Google accounts attacks, malicious apps, and data theft attempts made by attackers that impersonate a legitimate third-party service.
Google announced that it will provide real-time service to analyze potentially harmful downloads asking users if they desire to submit them to its anti-malware detection systems for the analysis.
“Specifically, when Chrome detects a potentially suspicious file download, users will see a new prompt asking whether they want to send the file to Google Advanced Protection to check for malware.” reads the Google’s announcement. “If they choose to send it, Google Safe Browsing will scan it in real time and will warn the user if it determines the file is unsafe.”
All users enrolled in the Advanced Protection Program will have this feature enabled by default.
Users who aren’t yet enrolled can join to the program using their phone’s built-in security (available with an Android 7.0+ phone or iPhone running iOS 10.0+ with the Google Smart Lock) or a FIDO compliant security.
The security key used during the registration process will be required anytime the users will sign into their accounts on new devices.
Google users that enrolled in the program will be protected against credential stuffing attacks or phishing campaign.
(SecurityAffairs – hacking, Advanced Protection Program)