Experts call for resilience after cyber-attack on Trump's campaign
In response to recent news that former President Donald Trump's campaign experienced a cyber-attack leading to the leak of internal communications, industry experts have weighed in on the implications and the measures needed to prevent similar incidents.
Aleksandr Yampolskiy, CEO of SecurityScorecard, highlighted the importance of adopting a resilience-oriented approach rather than focusing solely on robustness. He remarked, "Foreign state actors and adversaries will inevitably try to infiltrate political campaigns. Therefore, adopting a resilience - instead of robustness - mindset is essential." Yampolskiy stressed that it is prudent to assume an attacker will eventually breach a campaign's infrastructure. Consequently, making it arduous for hackers to extract valuable information is crucial.
Yampolskiy suggested tactics such as using "decoy documents" to trigger alerts when accessed by unauthorized users or blending decoy information with real data to confuse hackers. Furthermore, he emphasised the significance of securing the IT infrastructure of state governments, particularly in battleground states, to maintain election integrity. He pointed out that public sector systems are often complex and slow to secure, presenting numerous vulnerabilities for exploitation by attackers.
"Many attacks rely on sophisticated phishing emails or deepfake audio and video to trick campaign staff into divulging sensitive information or infecting their computers," Yampolskiy explained. He underscored the necessity for public sector entities to utilise security key performance indicators (KPIs) to assess and manage risk. "As the saying goes, what you can't measure, you can't improve," he added.
Max Gannon, Cyber Intelligence Team Manager at Cofense, offered further insights, particularly focusing on the spear phishing email that precipitated the leak of Trump's campaign documents. According to Gannon, government targets require enhanced protection during election periods as they become prime targets for threat actors.
"This is particularly a problem for smaller county-level government employees who may not have the resources or training that members of larger political campaigns often do," Gannon noted. He explained that compromising a local government employee might not seem like a significant threat to large-scale political campaigns. However, it grants threat actors access to a verified .gov email account, which they can then use to launch more effective spear phishing campaigns against primary targets.
Gannon elaborated on the sophistication of modern phishing tactics. He mentioned that threat actors often employ hyperlinks to direct victims to malicious domains that steal credentials before redirecting them to legitimate websites. "The tactic of using a hyperlink to direct traffic to a threat actor-controlled domain that steals credentials and then redirects to the legitimate website is not new but it is far more effective than simply ending the attack chain with a 404 like threat actors used to do," he remarked.
The commentary from Yampolskiy and Gannon sheds light on the evolving nature of cyber threats targeting political campaigns and the critical need for robust cybersecurity measures. Their insights underscore a multifaceted strategy combining technical defences, awareness training, and risk management to safeguard the integrity of the electoral process.
As political campaigns continue to be lucrative targets for cyber adversaries, the onus lies on campaign teams and government agencies to stay ahead of these threats by implementing comprehensive security strategies. The advice from industry experts like Yampolskiy and Gannon serves as a vital reminder of the persistent risks and the importance of vigilance in the digital age.