Bots & Ballots Make A Sophisticated Threat

Uploaded on 2018-08-14 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The recent indictment of 12 Russian intelligence officers seeking to influence the outcome of the 2016 presidential election may have come as a surprise to many US citizens. But a leading cybersecurity expert believes it shows just how sophisticated the threat is to democracy.

“One of the most striking things in the indictment is really how much of a campaign it is, and how many hundreds of people and how much of an assembly line operation it is. And that speaks to the nature of the hacking and what it really takes to be successful,” Oren Falkowitz, CEO of cybersecurity firm Area 1 Security, told Yahoo News’ podcast

“Bots & Ballots.” “Cyber offensive operations, or stealing or hacking, it’s a numbers game and it requires large campaigns. We often talk about these things as if they’re ultra-targeted, and that’s simply not the case.”

Falkowitz, who held senior positions at the National Security Agency, told TV show “Bots & Ballots” host Grant Burningham that the threat from bad “cyber actors” is continually evolving.

“The goals have really shifted significantly, from website defacement to stealing data to manipulating data to some sort of financial gain to now larger and more thematic or outcomes that really challenge society, like elections,” Falkowitz said.

At the same time, however, the Justice Department indictment showed what Falkowitz knew all too well. Hillary Clinton’s campaign chairman John Podesta was hacked because he fell for a phishing expedition disguised as a Google login page.

“That is a technique that is used by all cyber actors; over 95 percent of the campaigns start with these types of phishing,” Falkowitz said. “Sometimes it looks like it comes from the CEO and it says, ‘Hey, could you call me,’ or ‘Could you send me this?’ So there’s a variety of lures or visual or authentic cues, but it’s always targeting a user.”

Having broken into Podesta’s computer and the DNC’s server, the Russian agents are alleged to have launched a variety of tools to widen what Falkowitz calls “data access” to further compromise Clinton’s presidential bid.

The operation played out in a predictable way, Falkowitz says, but it shows just how effective the hacking techniques are. More worrisome is just how vulnerable elections in the United States remain.

“There’s a lot of discussion about what might happen from a cybersecurity perspective in the 2018 midterms and the 2020 presidential election just following that,” Falkowitz said.

“And, as of late, what I’ve been observing is that people are talking about voting machines and some of the infrastructure that’s run on a state-by-state basis. But candidates are increasingly targets for these types of cyber-campaigns, and we’re not doing enough early to get in front of it and we’re likely to see more of this going forward. I think we really only saw the tip of the iceberg.”

Yahoo Finance

You Might Also Read:

The Mueller Investigation Identifies Russian Spies:

Hillary Clinton’s Cyber Warfare Warning:

« COSCO Cyber Attack And The Importance Of Maritime Cybersecurity
Law Firms Are Uneducated & Exposed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Center for a New American Security (CNAS)

Center for a New American Security (CNAS)

CNAS is the nation's leading research institution focused on defense and national security policy. Cyber security issues are an intrinsic element of the national security debate.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

National Forensic Sciences University (NFSU)

National Forensic Sciences University (NFSU)

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Ensighten

Ensighten

Ensighten is a leader in Website Security & Privacy Compliance. Protect your website from malicious attacks, monitor & detect vulnerabilities, protect consumer data.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Securily

Securily

Securily offers the ultimate solution for small to medium-sized businesses, blending cutting-edge AI with expert human insight to deliver the world’s easiest and most effective pentesting experience.