Clinton hack went deeper than first reported

The Democratic National Committee (DNC) has already acknowledged it was hit by cyberespionage earlier this year. Now comes reports that other groups with close ties were hit by the same attack – and the way it was carried out could have wide-reaching effects. 

Most agree that the attack was performed by Russian intelligence groups attempting to gather background information on presidential candidates, their policies and upcoming strategies. Researchers now say that lobbyists, aides, think tanks and more were targeted in the same attack.

It’s probably not too shocking that the method chosen for this attack was an old standby, spearphishing campaigns. These targeted attacks attempt to fool users into giving away information or credentials or to attempt to load malware onto users’ systems. According to reports, roughly 4,000 accounts were targeted as a part of this campaign.

3 rules to live by

It’s nearly impossible to stop a determined attacker in every instance, and it’s even harder if there’s a team of hackers working against your organization.

That said, there are ways to mitigate the threat.

Here are three rules your users should commit to memory.

  1. Never put credentials in an email. If anyone – your IT manager, your mother, anyone – asks you to send over your password, don’t do it. It’s that simple.
  2. Leave attachments unopened. Until you’ve verified the sender is who they claim to be and that they’re sending you something you need, don’t click that download button.
  3. Read addresses carefully. Look for misspelled domain names or other typos that could indicate someone is spoofing an email address. And if the email comes from a co-worker’s non-work address, ask for them to send it from a work account instead.

 

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy