What are the Russians up to now?
With the elections coming, should we expect more of the same — fake Facebook pages, Twitter chaos, email attacks, and other forms of hacking? Yes, indeed.
And we should know that their playbook is constantly changing, with overseas groups like Fancy Bear (funny name, serious group) always on the hunt and backed by you-know-who.
That relentless search to steal our secrets and bring havoc to our nation took on a new look this summer as a Russian hacker tried unsuccessfully to recruit an employee of an American firm to install malware for them from the inside.
If you are not startled by this, you should be. It’s obviously not the first time they tried this. Everyone in our state and nation should be thinking about the possible ramifications of this incident.
When you think about socially engineered email attacks, you have a hacker who targets an organization and starts digging through its website, identifying employees who might be good targets.
If they are preparing an email attack, they usually see this from a “who is likely to click” standpoint, or perhaps a “who is likely to give me remote access” standpoint, especially if planning an old-school phone attack.
Taking this to the next level, think about it from an espionage standpoint.
Once a target organization is identified, spies want to pick someone who they can “flip” as an agent, mole, leak, etc. The same goes for hackers: start on the website, move to social media, look for someone who complains online — about their job, their boss, never having a date or being broke, etc.
They then reach out with the ask, exploiting them based on the weakness. In the case of the Tesla employee, the Russians offered them $500,000 to embed malware into the system.
So, all those dollars invested in cybersecurity, two-factor authentication, training and advanced threat protection are out the window, since those tools cannot protect from a “malicious insider” as described earlier.
Is every one of your employees 100% in the trust tree? Do you have volunteers or interns that may work in the office, during campaigns or Legislative Session?
I checked in with James Taylor, CEO of the Florida Technology Council, to see what he is seeing regarding this threat, as well as others in our state:
“Tesla is not alone when it comes to Russian attempts to interfere. We were recently approached by an organization called RT America to discuss the increase in traffic on the internet amid the pandemic and the resulting strain on America’s infrastructure.
“At first glance, this seems harmless enough. RT America is a legitimate television and internet news network that broadcasts out of Washington D.C. However, when you dig a bit further, you’ll discover their home office is located in Moscow, Russia, and the network is funded and controlled by the Russian government.
“The Florida Technology Council works with many law enforcement organizations, including the FBI, with a focus on tech education. Our contacts warned us that operations like RT America search for content they can use to advance projects in their own countries while at the same time using all negative information as propaganda to show how terrible things are in the United States. RT America, like many Russian organizations, increases its presence before our elections.”
You can read more about them here.
When you wonder if 2020 can continue to produce more negativity, it can, and it just keeps getting harder to believe.
We can add this one to the list — along with the pandemic, dual hurricanes, civil unrest, canceled sports, murder hornets and yes, now we have Russian hackers on our soil.
Thankfully “Egor” was apprehended as this Tesla employee went straight to the feds when approached. You can guarantee Mr. Egor Igorevich Kriuchkov was not working alone. The question is how vast is this network and who will be next?
You can also bet RT America and other entities owned overseas will be spewing out their opinions on overdrive, as Taylor indicated.
Be careful whom you collaborate with in 2020. When it comes to “malicious insiders,” we all need to know about this type of threat, and if someone contacts you on a communication platform out of the blue to get involved with some sort of criminal activity, call the authorities immediately.
Blake Dowling is CEO of Aegis Business Technologies, the host of the Biz & Tech podcast, and writes for several organizations. He can be reached at firstname.lastname@example.org.