The special counsel investigating Russian interference in the 2016 election issued an indictment of 12 Russian intelligence officers on Friday for the hacking of Hillary Clinton’s campaign and the Democratic National Committee during the presidential election. The 12 Russians stole and leaked emails as part of a Russian government effort to interfere with the election. The indictment came only three days before President Trump was planning to meet with President Vladimir V. Putin of Russia in Helsinki, Finland.
Leo Taddeo, Chief Information Security Officer at Cyxtera:
“The indictment teaches cyber security professionals several important lessons. Many legacy security solutions, even when used in combination, simply aren’t designed to mitigate the risks presented by today’s adversaries.
First, access controls that require only user name and password are effectively useless. Given the seemingly unstoppable effectiveness of spearphishing, enterprises must assume that one or more of their users has had their credentials compromised. An effective security solution must do more than just verify a user name and password. It must be able to tell if the context of a remote connection is suspicious, such as if it originates from an unusual location or time of day, or from a device with no antivirus software installed. And it should be able to ask for additional authentication steps like one-time passwords (OTP), adjust user permissions on the fly, and ultimately block access according to the level of risk. To accomplish this, organizations must adopt a user-centric context-aware model that is built on the principle of least privilege.
Second, the indictment specifically calls out that the conspirators conducted scanning on the network IP protocols. The fundamental reason for this vulnerability is that TCP/IP – which was originally designed to operate in an environment where the user community knew and trusted each other – is based on implicit trust, with a “connect first, authenticate second” approach. In today’s hyperconnected and highly adversarial threat landscape, this approach puts organizations at risk. Alternate access control technologies, such as Software-Defined Perimeter, are built on an “authenticate first, connect second” approach, ensuring that only authorized users can connect to network resources. This reduces the attack surface and significantly improves security. With Software-Defined Perimeter, all resources are invisible to the dangerous reconnaissance techniques outlined in the indictment.
Last, but not least, the indictment reveals the conspirators hacked into the DNC’s computers through their access to the DCCC network. They then installed and managed different types of malware to explore the DNC network and steal documents. This highlights the need for organizations to better manage the risks of third-party access. By using a solution that leverages the Software-Defined Perimeter security framework, organizations can ensure that all endpoints attempting to access a given infrastructure are authenticated and authorized prior to accessing any resources on the network. This not only applies the principle of least privilege to the network, it also reduces the attack surface area by hiding network resources from unauthorized or unauthenticated users.”
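The context-aware, least-privilege access model described in the first lesson above, as an added illustration that is not part of the quoted commentary or any Cyxtera product: a small policy engine scores a remote connection on location, time of day and device posture, then decides whether to allow, require a one-time password, reduce permissions, or block. All field names, weights and thresholds are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

# Context of one remote connection attempt (constructed schema, not a real product's).
@dataclass
class ConnectionContext:
    user: str
    country: str              # geolocation of the source address
    hour: int                 # local hour (0-23) at which the connection starts
    antivirus_installed: bool # device posture reported by the endpoint agent
    password_ok: bool         # first factor (user name + password) already verified

# Per-user baseline the policy compares against (constructed sample data).
@dataclass
class UserBaseline:
    usual_countries: set
    work_hours: tuple = (7, 19)   # inclusive start hour, exclusive end hour
    full_permissions: set = field(
        default_factory=lambda: {"email", "fileshare", "admin"})

def risk_score(ctx: ConnectionContext, base: UserBaseline) -> int:
    """Sum weighted context signals; higher means a more suspicious connection."""
    score = 0
    if ctx.country not in base.usual_countries:
        score += 40   # unusual location for this user
    start, end = base.work_hours
    if not (start <= ctx.hour < end):
        score += 20   # unusual time of day
    if not ctx.antivirus_installed:
        score += 30   # device fails posture check
    return score

def access_decision(ctx: ConnectionContext, base: UserBaseline):
    """Map the risk score to an action and the permissions granted.

    A valid password alone never yields full access when context is suspicious:
    medium risk forces OTP and drops privileged roles, high risk blocks outright.
    Returns (action, permissions)."""
    if not ctx.password_ok:
        return ("block", set())
    score = risk_score(ctx, base)
    if score >= 70:
        return ("block", set())
    if score >= 40:
        # step-up authentication and least privilege until identity is re-proven
        return ("require_otp", base.full_permissions - {"admin"})
    if score >= 20:
        return ("allow_restricted", base.full_permissions - {"admin"})
    return ("allow", set(base.full_permissions))
```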
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.