Three things I've just read:
Russia Looks to Replicate its Success: It shouldn’t surprise anyone that after its remarkable impact on the U.S. election, Russia is already working to influence elections in other nations of strategic importance. Most recently, the German intelligence agency the BfV has highlighted “growing evidence of attempts to influence the federal election next year.”
The BfV indicates that it’s tracking hacking threats – particularly targeting German politicians and are likely designed to uncover information that can be used in targeted releases. But it is also monitoring for other disinformation campaigns, including “automated opinion-forming” bots and fake news.
Early and firm action – both to increase the security of likely targets, and create disincentives for more meddling – is our best shot at derailing this growing campaign as it continues to spread. I’m reading: “BfV: Russia is Trying to Destabilise Germany."
Lessons from the Trenches: Phishing: Phishing campaigns continue to increase in sophistication and effectiveness. This example is one of the best I’ve seen. A brief, informal email, a title with multiple “RE:”s included to imply an ongoing discussion, a link instead of an attachment, and a cleverly falsified “permissions” page designed to lull users into clicking on a link to enable macros and give the attacker access.
These campaigns will only get more sophisticated as time passes. The continued innovation should be a stark reminder that no security team should bet all its eggs on the perimeter. Bad guys will get through – but how well you control the environment they break into will determine whether you or they have the advantage in the ensuing hunt. I’m reading: “SwiftOnSecurity.”
Some Light Holiday Reading on Information Warfare: Every security expert should understand the ways that intrusions can be leveraged, and the motivation behind major hacks and other malicious activity. A new monograph out of NATO does a great job of walking through the history and discipline of Russian information warfare – something we’ll only see more of in the months and years to come. I'm reading: "Handbook of Russian Information Warfare."