Be wary of random but legitimate-looking emails popping up in your inbox. A foreign government may be using them to try to hack you.
That may sound far-fetched, but Russian cyberspies allegedly stole sensitive files from Democratic groups and figures using this very tactic. In some cases, the spoofed emails pretended to be from Google and managed to trick victims into giving up their login details, paving the way for a series of high-profile hacks that rocked this year’s presidential election.
But even though the presidential race is over, cybersecurity experts warn that state-sponsored hackers remain a dangerous threat. Political organizations, businesses, and universities all should be on guard -- you’re probably already in their crosshairs.
A persistent threat
Russian cyberspies gained particular notoriety this year. U.S. intelligence agencies have blamed them for allegedly carrying out hacks meant to influence November’s election. Among their methods: breaking into the personal email accounts and networks of their victims and then leaking the stolen documents online.
“I do think the Russian campaign has been very successful in accomplishing its objective of weakening American democracy,” said Dmitri Alperovitch, CTO of security firm Crowdstrike.
The suspected Russian cyberspies also have no reason to stop. Since the presidential election, they’ve been found going after U.S. think tanks and even the German government with the consistent use of email attacks designed for espionage.
However, Alperovitch said potential targets of state-sponsored hackers can still fend off the threat. His company is among those providing a security product that goes beyond monitoring for computer viruses and can track any unusual activity occurring on a system. This can be particularly useful in detecting hacking tools Russian cyberspies tend to favor, which often masquerade as legitimate computer processes secretly tasked to steal files.
“I think the problem is people are relying on legacy technologies to stop these attacks,” he said. “These tools are clearly failing.”
Struggling to keep up
Although suspected Russian cyberspies became a major topic in this year’s U.S. election, state-sponsored hackers have been around for years, often stealing sensitive data or intellectual property from businesses and government agencies. In addition to Russia, China, Iran, and the U.S. National Security Agency have all been implicated in various cyberespionage incidents.
So why do the hackers keep on succeeding? Some of that blame can go to the victims, many of whom don’t fully understand how to deal with the threat, said Peter Firstbrook, an analyst with research firm Gartner.