The US FBI has begun investigating alleged Iranian hacking attempts at the Donald Trump re-election campaign, according to The Washington Post. Iran may also have targeted the Biden-Harris campaign.
The hack has led to several documents being taken and these have been used to attempt to extract money from different newsrooms.
Following this news from former President Donald Trump’s campaign that some of its internal communications had been hacked, Aleksandr Yampolskiy, CEO of SecurityScorecard assesses the implications for the democratic process.
While it is uncertain as to who was behind the attack, Yampolskiy thinks the most likely source are rogue states. He notes: “Foreign state actors and adversaries will inevitably try to infiltrate political campaigns. Therefore, adopting a resilience – instead of robustness – mindset is essential.”
Despite the continued bombardment of business and political systems, Yampolskiy says there are measures that can be put in place to help to repel such attacks and to minimise the associated risks.
In this content, Yampolskiy notes: “Assume that an attacker will sooner or later break into your campaign’s infrastructure, but make it difficult for hackers to extract valuable information. One effective tactic is using “decoy documents” to trigger alerts when an unauthorized user accesses them or to confuse hackers by blending decoys with real data.”
On the subject of the US political process, Yampolskiy indicates: “Securing the IT infrastructure of state governments is crucial for maintaining election integrity, especially in battleground states. Unfortunately, public sector systems are often complex and slow to secure. Attackers only need one weak spot to exploit, while defenders must secure every potential vulnerability.”
Generally, there is some commonality with the form and nature of the cyberattacks. Yampolskiy spells these out: “Many attacks rely on sophisticated phishing emails or deepfake audio and video to trick campaign staff into divulging sensitive information or infecting their computers.”
The analyst concludes with: “As the saying goes, ‘What you can’t measure, you can’t improve.’ It’s vital for the public sector to use security KPIs to measure and manage risk effectively.”
