Cybersecurity Threats During an Election Cycle
In a recent blog post, Microsoft warned of increasing cyber-attacks leading up to the 2020 election. These attacks target businesses in the entertainment, hospitality, manufacturing, financial services and physical security industries, along with the expected targets of political parties, candidates, their consultants and think tanks. The increase in politically motivated attacks and the growing threat from ransomware are the leading reasons 60% of business leaders feel their cybersecurity risks are increasing.
The attacks Microsoft observed and described in the blog post are led by a group of Russian hackers called Strontium, Chinese hackers called Zirconium and Iranian hackers called Phosphorus.
The Russian group Strontium has been harvesting user credentials through brute force attacks and password spray techniques alongside its more traditional spear phishing attacks. According to Microsoft, these large-scale efforts use pools of thousands of IP addresses to anonymize the attempts, which can occur as fast as once per second.
Zirconium has successfully compromised nearly 150 Office 365 accounts, using web bug (web beacon) tactics to identify active accounts for further attacks. These tactics drive users to a domain as a way of filtering out active user accounts for future targeted attacks. As far as is currently known, the domains the users access do not directly contain malware or assist in the attack in any other way.
Just as our schools are under increasing threat of cyber attack, your organization doesn’t have to be tied to the election to be a target of politically motivated attacks. Gaining access to any network allows the attackers more processing power and IP addresses to carry out further attacks. If you have internet-connected hardware, you are a target.
1. Enable multi-factor authentication (MFA)
The trouble with passwords is that they can be obtained through social engineering, guessed quickly by brute force attacks, or stolen in prior breaches. MFA eliminates the risk from weak passwords or brute force attempts and is a key component in securing the on-premises and remote workforce.
2. Actively monitor failed authentications
Monitoring for failed login attempts is often the first indicator of a new attack and gives your team time to assess the threat and respond. Even when the attempts fail, they consume system resources meant for legitimate users and show that bad actors are probing systems they should not be touching. Tracking failed attempts also helps keep an IP blacklist/whitelist current and supports building more advanced threat detection profiles. Seeing failed attempts against particular accounts can even prompt an internal review of user permissions, so you can ensure every account has only the privileges it needs.
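As an added illustration (not code from the Microsoft blog post or this article) of the spray pattern described earlier and the failed-authentication monitoring recommended here, the following Python example buckets constructed failed-login records into fixed time windows and separates a password spray (many accounts, one or two tries each, many source addresses) from a single-account brute-force run. The log line format, the thresholds and the sample addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) FAIL user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample of failed-login records (hypothetical format, not from the
# page): a spray with one attempt per account from many addresses, then a
# classic brute-force run against one account from a single address.
SAMPLE_LOG = """\
2020-09-10T10:00:00Z FAIL user=alice src=203.0.113.10
2020-09-10T10:00:01Z FAIL user=bob src=203.0.113.11
2020-09-10T10:00:02Z FAIL user=carol src=203.0.113.12
2020-09-10T10:00:03Z FAIL user=dave src=203.0.113.13
2020-09-10T10:00:04Z FAIL user=erin src=203.0.113.14
2020-09-10T10:30:00Z FAIL user=grace src=198.51.100.7
2020-09-10T10:30:01Z FAIL user=grace src=198.51.100.7
2020-09-10T10:30:02Z FAIL user=grace src=198.51.100.7
2020-09-10T10:30:03Z FAIL user=grace src=198.51.100.7
2020-09-10T10:30:04Z FAIL user=grace src=198.51.100.7
"""

def parse(log_text):
    """Yield (timestamp, user, source_ip) for every failed-login line; skip others."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["user"], m["src"]

def detect(log_text, window=timedelta(minutes=10), spray_users=5, brute_attempts=5):
    """Bucket failures into fixed time windows and flag two patterns:
    password_spray: many distinct accounts, at most two tries each, many sources
    brute_force:    many tries against a single account
    Returns (kind, window_start_iso, subject, count) tuples in time order."""
    buckets = defaultdict(list)
    for ts, user, src in parse(log_text):
        start = ts - (ts - datetime.min) % window   # align to window boundary
        buckets[start].append((user, src))
    findings = []
    for start, events in sorted(buckets.items()):
        per_user = Counter(user for user, _ in events)
        sources = {src for _, src in events}
        for user, n in per_user.items():
            if n >= brute_attempts:
                findings.append(("brute_force", start.isoformat(), user, n))
        if len(per_user) >= spray_users and max(per_user.values()) <= 2:
            findings.append(("password_spray", start.isoformat(), len(per_user), len(sources)))
    return findings
```

Run against the sample, `detect(SAMPLE_LOG)` reports one spray in the 10:00 window (5 accounts from 5 addresses) and one brute-force run against `grace` in the 10:30 window; in practice the thresholds should be tuned to the normal failure rate of the environment.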
3. Educate users
Educating users on the techniques currently employed in attacks, and on how they can assist in overall security, is an often-overlooked component of combating many forms of cyberattack. When employees and vendors are aware of social engineering risks, even simple training such as knowing how to spot a phishing email can greatly reduce the success rate of attacks.
Following these steps will get you started down the path to a more secure future; however, they are no replacement for working with a top managed service provider for your internet security. Working with a managed service provider who knows the latest threats and how to combat them is the surest path to security.