BACKGROUND:
In response to today’s “Another Nobelium Attack” report from Microsoft that threat actors affiliated with Russian intelligence conducted a phishing attack on the US Agency for International Development (USAID) to surveil human rights and other organizations critical of the Russian government, a cybersecurity expert with Gurucul offers perspective.

These threat actors are masters at their craft and are using harder-to-detect methods of baiting users to click on something. Part of good cyber defense is to constantly brief your community (i.e., employees, suppliers, and other stakeholders) of the latest threats and trends and that they are a critical line of defense in ensuring a smooth operation.

Organizations must continuously inform their community of employees, vendors and others to be suspect of anything they receive – even if it appears to be an internal email or notification. Taking that extra step of directly verifying the legitimacy of an email from outside the company really can become the difference as to whether or not your company will be hacked.

This proves yet again that one bad apple can spoil the whole bunch. A single user clicking on a single phishing link in a single email can expose an entire organization of connected agencies and businesses to cyber attacks. Education is critical to keeping employees and contractors from inadvertently opening the door to cyber criminals. A strong proactive cyber defense should be top of mind for all organizations.