This year’s indictment of Russia for attacking key players in the 2016 elections gave us a valuable education in cybersecurity.
Gary Golomb, Chief Research Officer, Awake Security:
The Russian indictment released in July by the special counsel run by Robert Mueller holds insights that aren’t just relevant for legal and foreign affairs experts. Anyone involved in elections, government or even vendors serving the public sector can learn a lot about common attack vectors from the report.
The 29-page indictment was the most detailed accusation by the American government to date of the Russian government’s interference in the 2016 election, according to The New York Times.
From a security perspective, the attack itself was unsurprisingly simple. The techniques used in this case are what everyday attackers use, requiring very little financial or time investment — i.e., you don’t need the resources of a nation state to launch one. Similarly, the challenges the victims faced in discovering and responding to those attacks are not unique either. And its important to point out the techniques are the same whether you are trying to influence an election or steal sensitive personnel data.