Hacking is more than a nuisance. It’s more than just a legal liability or a public relations problem. If the events of the last few weeks are any indication, hacking might have a say about whose fingers will be on the button to launch America’s 1900 hydrogen bombs.
A quick recap: More than one malicious actor penetrated the email servers of the Democratic National Committee (DNC). The DNC is at once a relatively small non-profit organization and one of the most influential groups of people in the world. From a security perspective, the DNC seems to have been a lightly guarded fortress. That’s a shame, because they play a key role in determining who will hold the most powerful position on planet Earth. They run America’s Democratic Party. According to Wired, when Crowdstrike, a threat analysis firm, inspected the DNC’s servers they found “two separate Russian intelligence-affiliated adversaries present.” Crowdstrike told Wired that one of the attackers had had access to DNC servers for nearly a year.
The hackers stole DNC emails and gave them to Wikileaks, which published 20,000 of them. Given the embarrassing revelations about the DNC and the election, the Chairwoman of the DNC resigned. Others are being fired. The entire affair has been cast as an attempt by Russian President Vladimir Putin to influence the US Presidential election, perhaps in favor of Donald Trump.
The DNC hack shows how high the security stakes can be for non-profit organizations that look small but cast a large shadow. Non-profits, even quite small ones, may hold data with high value. An art museum, for example, might have information that enables a thief to steal millions of dollars worth of art. The same museum might store sensitive personal information on billionaire trustees, and so forth. How well are these valuable data assets being guarded?
Spear Phishing in the Government
Everyone wants to know how the attackers – whoever they were – got inside the DNC. No one knows for sure, but experts suspect that the attackers used a spear phishing technique to gain access to the DNC’s IT assets. This theory was reported by CNN. Investigators also discovered evidence of spear phishing attacks on the DNC from earlier this year.
Spear phishing is a type of hacking that uses social engineering and impersonation to trick email recipients into opening files or clicking on malware links. Unlike basic phishing, which uses obvious scams like “You’ve won a contest!”, spear phishing is much more insidious. A spear phishing attacker might pose as your friend or colleague, perhaps researching your LinkedIn profile to see whose email you would be most likely to open.
Imagine that a spear phishing attacker discovers that you have a friend or colleague called John Smith. If the attacker creates a free email account like john_smith22@gmail, he might get you to believe that your friend John is actually writing to you. After building trust, the attacker might then send you a malware link or ask you to share a login credential for a protected system. At that point, the attacker can get inside your network.
Spear phishing has been blamed for many recent large-scale US government data breaches. An organization like the DNC is ideal for spear phishing. The committee has many people working in different locations, likely mixing personal and organizational email accounts in their work. Many of these people also maintain very public profiles, as they are in public life. It would be easy for a hacker to get the names and email addresses of a target individual’s circle of friends as well as additional supporting information such as who was at which party the night before.
Anti-Spear Phishing in Non-Profits
The problem is that standard email security relies on comparing an incoming threat with known attacks (or signatures). But one-off personalized attacks are, by definition, not “known”. This makes most email security helpless in the face of a rising tide of sophisticated spear phishing attacks like the ones that likely contributed to the downfall of the DNC’s email security systems.
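The lookalike-account trick described earlier (a free webmail address built from a colleague's name) has no signature to match, but it can be checked against an address book of real contacts. The following is an added example, not part of the original article and not Vade Secure's method; the contact list, the domains example.org and freemail.example, and the sample messages are all constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: contact name -> addresses that person really uses.
KNOWN_CONTACTS = {"John Smith": {"john.smith@example.org"}}
# Constructed stand-in for a list of free webmail domains.
FREEMAIL_DOMAINS = {"freemail.example"}

def name_key(text):
    """Order-insensitive name tokens: 'Smith, John' and 'john_smith22'
    both become ('john', 'smith')."""
    return tuple(sorted(re.findall(r"[a-z]+", text.lower())))

def check_sender(raw_message):
    """Return a list of findings for one message; empty means nothing flagged."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    local, _, domain = addr.partition("@")
    findings = []
    for contact, real_addrs in KNOWN_CONTACTS.items():
        if addr in real_addrs:
            return []  # the contact's genuine address
        # Compare the contact's name with the display name and the local part.
        if name_key(contact) in (name_key(display), name_key(local)):
            findings.append(f"claims to be {contact} but {addr} is not a known address")
            if domain in FREEMAIL_DOMAINS:
                findings.append(f"{domain} is a free webmail domain")
    return findings

# Constructed sample messages.
SAMPLES = {
    "lookalike": "From: John Smith <john_smith22@freemail.example>\nSubject: hi\n\nbody",
    "genuine": "From: John Smith <john.smith@example.org>\nSubject: hi\n\nbody",
    "reordered": 'From: "Smith, John" <js1987@freemail.example>\nSubject: hi\n\nbody',
    "no_display": "From: john_smith22@freemail.example\nSubject: hi\n\nbody",
    "stranger": "From: Alice Jones <alice@other.example>\nSubject: hi\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

An exact address match here only means the From header names the real address; a forged header is a separate problem handled by SPF, DKIM and DMARC checks.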
Vade Secure offers a solution that detects even totally novel email attacks. Unlike standard, signature-based email security platforms, Vade Secure employs heuristic analysis (a type of artificial intelligence trained by a massive data set covering hundreds of millions of email boxes) to catch even the most devious phishing attacks. This artificial intelligence is backed up by not one but two traditional anti-virus solutions. Vade Secure can spot malicious emails whether or not they include an attachment or URL.
Stop personalized attacks in their tracks.
Vade Secure can be instantly used instead of, or layered on top of, your existing email security system.
Contact us or give us a call at 415-745-3630 if you want to discuss how you can quickly add anti-phishing measures to your current email setup.