Trend Micro regarding the Cozy Bear hacking group targeting French presidential candidate Emmanuel Macron, Brian Vecci, Technical Evangelist at Varonis commented below.
Brian Vecci, Technical Evangelist at Varonis:
“In January, the U.S. Department of Intelligence predicted that Moscow would apply lessons learned from its attacks on the U.S. presidential elections to influence future elections worldwide. Just a few months later and we’re once again talking about Russia, phishing and a political candidate in the same sentence.
As we saw with the DNC and Hillary Clinton campaign examples, leaked emails can have a disrupting effect on campaigns and embarrass the candidate or party, and the risks don’t stop with email. Candidates for public office and political parties, like businesses create and store a lot of data in a lot of vulnerable places: communication strategy, membership base, donors and fundraising plans. In our recently released 2017 Varonis Data Risk Report, we found that on average organizations have 20% of folders open to every employee, and 47% had at least 1,000 or more sensitive files (personal data, credit card information, etc.) accessible to every user. One compromised account or system can compromise a massive amount of data, and possibly an election.
Had the highly targeted phishing attacks on French presidential candidate Emmanuel Macron’s campaign been successful in stealing credentials, the attackers would have become virtual “insiders,” gaining access to files and emails that could influence the election. Thankfully, this campaign was prepared enough to identify at least some of the phishing attempts, but it only takes one attempt for a hacker to steal your credentials. Let’s hope they were also prepared with additional layers of defense, like restrictive internal access controls that reduce the amount of sensitive data any one person or system can access, and sophisticated user behavior analytics that can spot and stop unusual access to files and emails before sensitive data is exfiltrated.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.