Over the holiday I was catching up on some reading and was tuned into an interesting article by a colleague of mine. There’s been a lot of noise lately about Russia’s potential impact in the US electoral process in November. Regardless of political views, there does appear to be malicious spear phishing attacks perpetrated by the Russian civilian and military intelligence Services (RIS).
Last week DHS and the FBI put out a whitepaper detailing the political hacking campaign and recommended mitigation strategies (click for full report).
In these attacks against sensitive US targets the “Grizzly Steppe” (as the RIS attack is being referred to) utilized apparently harmless, friendly emails encouraging people to change passwords or disclose other sensitive information. The Russians then directed the unsuspecting targets to apparently legitimate websites to enter in personal data that was later used to exploit critical US infrastructure.
What can be done to prevent cyber attacks as outlined in this article? It appears that training personnel would be top of the list for prevention, however DHS makes a host of clear security recommendations, stating that implementing these procedures may prevent upwards of 85% of cyber attacks:
- Restricting Administrative Privileges
- Network Segmentation and Segregation into Security Zones
- Understanding Firewalls
While this specific attack was directly targeting individual employees, it does deserve notice for the cunning ability of hackers to penetrate our sensitive federal networks.
In addition to the (above listed) mitigation strategies, the DHS paper also recommended penetration testing as a potential strategy for thwarting bad guys.
A lot of focus attends to the Application layer of the client but close attention should also be paid to Layer 3 access of critical network elements. Do you have “hardened network security”, but still allow an undefined and unlogged set of personnel to access core network elements Out-of-Band? How is remote repair accomplished for reconfiguration or power rebooting in a secure fashion?
I’d argue that as important as training and good email habits are to protecting sensitive data, so are core network security protocols. Take a look at partners that can provide the mandated encryption and logging security to ensure OOB sessions are not part of your network vulnerability.