Russia Phishing Attack On USAID, Other Human Rights Groups

BACKGROUND:

In response to today’s Another Nobelium Attack report from Microsoft that threat actors affiliated with Russian intelligence conducted a phishing attack on the US Agency for International Development (USAID) to surveil human rights and other organizations critical of the Russian government, a cybersecurity expert with Gurucul offers perspective.

Experts Comments

May 31, 2021
Saryu Nayyar
CEO
Gurucul

This proves yet again that one bad apple can spoil the whole bunch. A single user clicking on a single phishing link in a single email can expose an entire organization of connected agencies and businesses to cyber attacks. Education is critical to keeping employees and contractors from inadvertently opening the door to cyber criminals. A strong proactive cyber defense should be top of mind for all organizations.

May 31, 2021
Tom Garrubba
Senior Director and CISO
Shared Assessments

These threat actors are masters at their craft and are using harder to detect methods of baiting users to click on something. Part of good cyber defense is to constantly brief your community (i.e., employees, suppliers, and other stakeholders) of the latest threats and trends and that they are a critical line of defense in ensuring a smooth operation.

 

Organizations must continuously inform their community of employees, vendors and others to be suspect of anything they receive – even if it

.....Read More

These threat actors are masters at their craft and are using harder to detect methods of baiting users to click on something. Part of good cyber defense is to constantly brief your community (i.e., employees, suppliers, and other stakeholders) of the latest threats and trends and that they are a critical line of defense in ensuring a smooth operation.

 

Organizations must continuously inform their community of employees, vendors and others to be suspect of anything they receive – even if it appears to be an internal email or notification. Taking that extra step of directly verifying the legitimacy of an email from outside the company really can become the difference as to whether or not your company will be hacked.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.