Now American Politicians Know the Value of a CASB
Within the past two weeks, the Democratic Congressional Campaign Committee (DCCC), the Democratic National Committee (DNC), and Hillary Clinton’s campaign have been the victims of very high-profile cyber attacks and subsequent data breaches. This raises a question: Have foreign actors begun using cyber attacks in order to influence American politics?
We may continue to speculate on how to answer that question as the investigation continues. However, we can examine what happened to each organization and look at how a similar attack could be prevented in yours. Let’s take a look.
The DNC was the first in a trio of attacks against Democratic party campaign entities. This attack uncovered emails that were promptly posted on WikiLeaks by Julian Assange. Mr. Assange has confirmed that the timing of the release wasn’t just convenient; he intentionally released the emails the weekend prior to the Democratic National Convention. The emails can be traced back to seven DNC leaders, two of them have now resigned.
Last Friday, leadership at the DCCC confirmed that it had been the victim of a similar attack, but has been relatively quiet on what was breached. However, DCCC spokeswomen Meredith Kelly stated that, “Based on the information we have to date, we’ve been advised by investigators that this is similar to other recent incidents, including the DNC breach.”
The Washington Post reported that according to a source familiar with the matter, the DCCC intrusion apparently is part of a much broader campaign of political espionage by the Russians.
The Clinton Campaign
A Clinton aide said the hackers had access to the analytics data program’s server for approximately five days. This service is used to conduct voter analysis, but it does not include sensitive donor and voter information such as social security numbers or credit card numbers.
American Politics and National Security are at Risk
In a non-election year, these breaches would certainly be cause for concern. After all, private donor and voter information is now at risk of being made public. Not to mention, the distribution of breached emails has resulted in the resignation of two high-profile Democratic party officials.
Three senior U.S. security officials told NBC News that the DNC and DCCC breaches are worrisome because political organizations have donor lists and other important data that, if compromised, could undermine a campaign’s functioning. We saw something similar occur in Mexico earlier this year, when the data of 87 million Mexican voters was exposed on an AWS server.
How These Breaches Could Have Been Prevented with the Help of a Cloud Access Security Broker (CASB)
As this is an ongoing investigation, officials have not yet confirmed the exact methods that were used to execute the DCCC and Clinton campaign attacks, or if the compromised applications were cloud-based. But we do know that the DNC breach was the result of an email-based phishing and malware attack. With 88% of organizations using cloud services, the odds are good that at least some of the affected applications were delivered in the cloud.
If it is true that the attacks used email-based phishing and malware to gain access to cloud-based services, the damage could have been limited with the the help of a CASB. Let’s talk a bit more about how a CASB could identify and remediate a similar attack.
CASBs can detect weak settings and account compromises.
- Popular email providers Microsoft Office 365 and Gmail offer domain-based messaging authentication reporting and conformance (DMARC) integration. DMARC is a technology designed to combat email spoofing and is useful to stop phishing. Integration with DMARC allows CASBs to detect weak settings and recommend best-practices that will help to prevent compliance violations in the respective email provider.
CASBs can detect and report on abnormal login activities.
- Account compromises are often the result of an email-based phishing and malware attack. UBA can be used to detect and report on abnormal login activities.
CASBs can detect and report risky email domains.
- While it’s not typical, it is possible for a CASB to use UBA profiling to analyze a sender’s email address and compare it to existing third-party threat intelligence. Theoretically, this could bring unseen and risky email senders to the surface for blocking and remediation.
These attacks should remind us that failing to secure cloud services can mean more than a financial loss in the form of a fine or a lawsuit, but it can impact something that affects an entire nation — the functioning of a political campaign and a representative democracy.
Graphic Credit: Mark Warner