NRCC Email Hack Highlights Lack of Visibility & Proactive Threat Hunting at Political Organizations


Earlier this week, Politico reported that the National Republican Congressional Committee (NRCC) suffered a major attack prior to the 2018 U.S. midterm elections, with thousands of sensitive emails from four senior aides exposed to an outside intruder. While the impact of this breach is still unfolding, history is repeating itself in the political realm. Unfortunately, cybersecurity has become too passive for political organizations and we’re seeing that failure play out with a major breach…again.

Nation-state actors in today’s pressurized geopolitical landscape feel more emboldened and empowered than ever. According to Carbon Black’s recent Quarterly Incident Response Threat Report, nearly half of all IR investigations stem from two countries: China and Russia.

So why does this continue to happen?

1) Geopolitical tension is manifesting itself in cyberspace via cyberattacks that increasingly leverage advanced tactics such as lateral movement, counter-incident-response and island hopping. These attacks are also becoming more destructive, homing in on specific targets, causing system outages and destroying data in ways designed to paralyze an organization’s operations.

2) Political organizations largely lack the visibility and threat hunting capabilities to sniff out advanced threats. Attackers are no longer simply relying on malware. They’re playing the long game, seeking to establish a foothold in networks and moving laterally in an attempt to remain invisible. Without adequate visibility into what’s occurring across an enterprise, or the ability to hunt these threats, headline-making breaches will continue.

Threat hunting is a proactive approach to cybersecurity that identifies gaps in defenses and stops attacks before they go too deep. While it may seem aggressive to work on the “assumption of breach” — that attackers are already inside an organization’s network and are covertly monitoring and moving throughout it — the reality is that attackers may be inside a network for days, weeks and even months on end, preparing and executing attacks (or stealing emails), without any automated defense detecting their presence. This was precisely what occurred with the NRCC hack. What good is a security solution if it leaves your organization vulnerable after, say, two years?

Instead of simply looking for malware, or what we already know is bad, we should be looking to identify and stop attackers’ behaviors. This concept is extremely well represented in the MITRE ATT&CK framework, which maps adversarial behaviors including initial access, execution, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control. Using the MITRE ATT&CK framework as a way to understand attacker behavior is a great place to start. It’s also a great way to assess endpoint security solutions and how they measure up against specific attacks.
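To make the behavior-over-malware point concrete, here is an added example (not Carbon Black’s or MITRE’s code) that runs a hash blocklist check and a tactic-chain hunt over the same endpoint telemetry; every event, host name, hash and the behavior-to-tactic table is constructed, and only the tactic names come from the ATT&CK tactics listed above.

```python
"""Behavior-chain hunt across ATT&CK tactics beside a malware-hash check (added example).
All events, behavior labels, hashes and the behavior-to-tactic table are constructed;
only the tactic names come from the ATT&CK tactics the post lists."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: (UTC timestamp, host, observed behavior, SHA-256 of the binary).
EVENTS = [
    ("2018-04-01T09:00:00", "ws-aide-1", "open_mail_client", "hash-0001"),
    ("2018-04-01T09:04:00", "ws-aide-1", "credential_store_read", "hash-0002"),
    ("2018-04-01T09:06:00", "ws-aide-1", "enumerate_domain_hosts", "hash-0002"),
    ("2018-04-01T09:20:00", "ws-aide-1", "remote_service_created", "hash-0002"),
    ("2018-04-01T09:45:00", "ws-aide-1", "mailbox_archived", "hash-0003"),
    ("2018-04-01T10:10:00", "ws-aide-1", "large_outbound_transfer", "hash-0003"),
    ("2018-04-01T09:30:00", "ws-intern-7", "enumerate_domain_hosts", "hash-0004"),
]
# Behavior -> ATT&CK tactic; behaviors with no entry (e.g. opening mail) are benign noise.
TACTIC_OF = {
    "credential_store_read": "credential-access",
    "enumerate_domain_hosts": "discovery",
    "remote_service_created": "lateral-movement",
    "mailbox_archived": "collection",
    "large_outbound_transfer": "exfiltration",
}
KNOWN_BAD_HASHES = {"hash-9999"}  # constructed blocklist; no event above matches it

def signature_hunt(events, blocklist=KNOWN_BAD_HASHES):
    """'Known bad' check: hosts that ran a blocklisted binary. Finds nothing here,
    because none of the tooling is previously seen malware."""
    return sorted({host for _, host, _, digest in events if digest in blocklist})

def behavior_hunt(events, tactic_of=TACTIC_OF, min_tactics=3, window=timedelta(hours=2)):
    """Per host, the longest ordered chain of distinct tactics seen within one window.
    A chain of min_tactics or more is the signal a threat hunter follows up."""
    per_host = defaultdict(list)
    for ts, host, behavior, _ in events:
        if behavior in tactic_of:
            per_host[host].append((datetime.fromisoformat(ts), tactic_of[behavior]))
    findings = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            chain = []
            for ts, tactic in hits[i:]:
                if ts - start <= window and tactic not in chain:
                    chain.append(tactic)
            if len(chain) >= min_tactics and len(chain) > len(findings.get(host, [])):
                findings[host] = chain
    return findings
```

On this data the blocklist check returns nothing, while the tactic chain on ws-aide-1 (credential access through exfiltration) is flagged and the single discovery event on ws-intern-7 is not.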

In MITRE’s first public evaluation of endpoint detection & response (EDR) solutions, CB Response delivered zero delayed detections and zero tainted detections. This assessment specifically measured Carbon Black’s ability to quickly detect specific adversary tactics and techniques as captured in the ATT&CK knowledge base. We’re extremely proud of these results and encourage you to do some research on your own, looking at how Carbon Black fared against the vendors tested in the initial cohort.

While some of the other vendors required “humans in the loop” to make many of their detections, 100% of Carbon Black detections were fully automated with zero delays and zero humans needed.

Political organizations have A LOT to worry about and cybersecurity is by no means perfect. But if there’s a way to make detecting and stopping advanced threats a bit easier, while making comprehensive security an organic component to an enterprise, political organizations should look to make an earnest commitment to further protecting democracy.

The post NRCC Email Hack Highlights Lack of Visibility & Proactive Threat Hunting at Political Organizations appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
