The Russians did it?
As president-elect Donald Trump becomes President Trump, it’s difficult to separate the man behind the podium from the drama leading to his ascension. For IT professionals, this centres around the pivotal role cybersecurity played, from the hacking of his rivals Hillary Clinton and the Democratic National Committee, to the presidential candidates’ debates, to the subsequent questioning of votes after election night. Many, including the White House, point to Russian operatives as the culprits.
The FBI and Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) released a joint report, GRIZZLY STEPPE – Russian Malicious Cyber Activity, that alleges “Russian civilian and military Intelligence Services (RIS)” used malicious cyber activity in an on-going campaign “to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.” It drew on knowledge from private sector data and declassified government intelligence, and was meant to help IT professionals identify and combat potential Russian threats.
You’ve got Spear Phished
Among the threats labelled are spear phishing, which launched the DNC hack; damaging and/or disruptive cyber attacks in foreign countries; and impersonating third parties online. The report points to two Russian hacker groups as using highly crafted spear phishing against senior Democratic Party officials to gather passwords, gain access, steal content, and infect systems with malware.
Many in the cybersecurity community criticized the report, with some claiming it was too broad and actually incentivized non-governmental hackers to use Russian code like PAS. Others say the over-generalized information in Grizzly Steppe caused undue paranoia and led to the Washington Post falsely reporting that Russian code was found on an American electrical grid.
While eight of the 13 pages in Grizzly Steppe detail ways IT managers can defend themselves against Russian hackers, critics have also called these too vague. Perhaps the key takeaway should be that in today’s political and technological climate, organizations should be more vigilant than ever — particularly against socially engineered hacks like spear phishing, which saw a 55% increase in 2016.
Our recommended steps to take
If you don’t want to fall prey to spear phishing like Hillary Clinton and the DNC, we propose these steps your organization can follow to create a more secure network:
Get an effective spam filter that blocks phishing attacks. New attempts often have a pattern where the email is from a local domain to a local domain, but with a non-local reply address. You need a filter that blocks these types of emails.
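The local-to-local pattern with a non-local reply address described above can be written as a header check. This is an added example, not code from the original post or from any filter product; the `example.com` local domain, the function names and the sample messages are assumptions constructed for illustration, and domains are matched exactly (no subdomain handling).

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the organization's own mail domains (constructed value).
LOCAL_DOMAINS = {"example.com"}

def header_domains(msg, header):
    """Return the lowercased domains of every address found in a header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rpartition("@")[2].lower() for _, addr in pairs if "@" in addr}

def local_with_external_reply(raw, local_domains=LOCAL_DOMAINS):
    """True when From and a recipient are local but Reply-To points elsewhere."""
    msg = message_from_string(raw)
    senders = header_domains(msg, "From")
    recipients = header_domains(msg, "To") | header_domains(msg, "Cc")
    replies = header_domains(msg, "Reply-To")
    from_local = bool(senders) and senders <= local_domains
    to_local = bool(recipients & local_domains)
    # A missing Reply-To yields an empty set and is not flagged.
    reply_external = bool(replies - local_domains)
    return from_local and to_local and reply_external

def make_message(sender, recipient, reply_to=None):
    """Build a constructed sample message for the demonstration below."""
    lines = [f"From: {sender}", f"To: {recipient}"]
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    lines += ["Subject: Invoice approval", "", "Please confirm the payment today."]
    return "\n".join(lines)

# Constructed samples covering the flagged pattern and three benign variants.
SAMPLES = [
    ("local sender, external reply",
     make_message('"Pat Lee" <pat@example.com>', "alex@example.com", "pat.lee@example.net")),
    ("local sender, no reply-to",
     make_message("pat@example.com", "alex@example.com")),
    ("local sender, local reply",
     make_message("pat@example.com", "alex@example.com", "accounts@EXAMPLE.COM")),
    ("external sender, external reply",
     make_message("billing@example.org", "alex@example.com", "help@example.org")),
]

if __name__ == "__main__":
    for label, raw in SAMPLES:
        verdict = "BLOCK" if local_with_external_reply(raw) else "pass"
        print(f"{label:34} {verdict}")
```

The check reads only the visible headers, so it complements rather than replaces sender authentication done by the mail gateway.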
Advanced Threat Protection
High-end email filters include extra filtering functionality categorized as Advanced Threat Protection. This is a catchall for new threats including the varied, evolving forms phishing attacks can take. Advanced Threat Protection will also appear under the banner of ‘next generation’. These systems go beyond signature-based detection and blocking, and into behaviour analysis and infection detection.
You need to train your users to read emails critically — especially if there’s a monetary call-to-action. Depending on the value, such requests should always be countered with a human verification like a phone call.
Check your Checks
Update your financial processes, including more checks and verification. Let’s face it: a simple email from someone should simply not be adequate to release a large amount of funds to an account.
Data Loss Protection (DLP)
A proper DLP system with rules that monitor emails concerning financial transactions is ideal, especially one using proper email DLP modules.
Ultimately, the only way you can protect your organization against threats, Russian or otherwise, is working with a reputable cyber security partner. The alternative can be… well, grizzly.
For a more in-depth look at trends and solutions, check out our white paper on 14 Cyber Security Trends and Solutions for 2017.