Be wary around random, but legitimate-looking emails popping up in your inbox. A foreign government may be using them to try to hack you.
That may sound far-fetched, but Russian cyberspies allegedly stole sensitive files from Democratic groups and figures using this very tactic. In some cases, the spoofed emails pretended to be from Google and managed to trick victims into giving up their login details, paving the way for a series of high-profile hacks that rocked this year’s presidential election.
But even as the presidential race is over, cybersecurity experts warn that state-sponsored hackers remain a dangerous threat. Political organizations, businesses, and universities all should be on guard -- you’re probably already in their crosshairs.
A persistent threat
Russian cyberspies gained particular notoriety this year. U.S. intelligence agencies have blamed them for allegedly carrying out hacks meant to influence November’s election. Among their methods: breaking into the personal email accounts and networks of their victims and then leaking the stolen documents online.
“I do think the Russian campaign has been very successful in accomplishing its objective of weakening American democracy,” said Dmitri Alperovitch, CTO of security firm Crowdstrike.
The suspected Russian cyberspies also have no reason to stop. Since the presidential election, they’ve been found going after U.S. think tanks and even the German government with the consistent use of email attacks designed for espionage.
However, Alperovitch said potential targets of state-sponsored hackers can still fend off the threat. His company is among those providing a security product that goes beyond monitoring for computer viruses and can track for any unusual activity occurring on a system. This can be particularly useful in detecting hacking tools Russian cyberspies tend to favor, which often masquerade as legitimate computer processes secretly tasked to steal files.
“I think the problem is people are relying on legacy technologies to stop these attacks,” he said. “These tools are clearly failing.”
Struggling to keep up
Although suspected Russian cyberspies became a major topic in this year’s U.S. election, state-sponsored hackers have been around for years, often times stealing sensitive data or intellectual property from businesses and government agencies. In addition to Russia, China, Iran, and the U.S. National Security Agency have all been implicated in various cyberespionage incidents.
So why do the hackers keep on succeeding? Some of that blame can go to the victims, many of whom don’t fully understand how to deal with the threat, said Peter Firstbrook, an analyst with research firm Gartner.
“Customers are looking for a magical button to stop all these threats,” he said. Businesses will then buy the tools and assume they’re safe, when in reality they aren’t properly being used.
For example, many businesses often fail to install security patches with their IT products -- including the antivirus software -- exposing them to hacks that otherwise could have been prevented. They may also ignore the warnings that pop up from security software, believing them to be a false positive. Or they’ll even forget to turn the software on.
However, in other cases, the businesses had limited expertise on staff to deal with the cyberthreats the security tools encountered.
“If you buy the tools without hiring the right people, you are not going to solve your nation-state hacking problem,” Firstbrook said.
The need for vigilance
For businesses and institutions struggling to recruit security talent, they can consider outsourcing that role to a company like Dell SecureWorks. It is among the vendors that can step in and manage or consult an organization’s IT security.
Phil Burdette, a researcher with the company, noted that foreign government hackers aren’t necessarily using state-of-the-art hacking techniques. Russian cyberspies, for instance, keep resorting to sending phishing emails as a way to steal a user’s password login information.
“There’s always a lot of emphasis on zero-day exploits and the attackers using the most sophisticated methods,” he said. But in reality, state-sponsored hackers tend to “use the path of least resistance.”
To prevent data breaches, users and business should consider implementing two-factor authentication with their email accounts and online services, Burdette said. In that way, the hackers can’t break in with only a stolen password.
He also recommends that organizations partner with specialists who routinely investigate state-sponsored hackers. Often times, a business with less cybersecurity experience will assume it has foiled an attack only to realize the hackers were just getting started.
He also warned that no organization should assume they haven’t already been attacked. Security researchers are continually finding new evidence to suggest state-sponsored hackers were successful years before their intrusions were spotted -- the initial attack simply went undetected.
“We are getting better at learning how bad we are losing,” Burdette said.