Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 16 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

100% of European Political Parties with upcoming elections have left themselves and voters open to email-based cyberattacks

by The Gurus
May 18, 2017
in Editor's News
Share on FacebookShare on Twitter

New research, released today by Agari, reveals that despite the recent high-profile nation-state sponsored email attacks on political parties during elections, none of political parties in the UK, Germany and Norway, all of whom have upcoming elections, have email authentication or protection against spear phishing in place. 8% have published an email authentication policy but left the door wide open by setting their policy to “none”, which will not stop malicious emails from reaching intended victims. This lack of security is leaving voters, supporters and the parties themselves wide open to targeted email attacks using identity deception and social engineering methods.
As demonstrated in the past 12 months with the attacks on the En Marche! party in the French Presidential elections and on the Democratic National Committee (DNC) during the U.S. presidential elections, an email attack that results in leaks of sensitive data can deter from a free and fair election and, ultimately, impact the results.
To negate this risk, organisations should implement email authentication with a “reject” policy using the open standard DMARC. This prevents impostors from using the domains of the political parties to deceive internal campaign staffers, volunteers and the public. The combination of these two security defences would have prevented both the U.S. DNC compromise and the French En Marche! attack.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an open security standard that is designed to detect and prevent identity deception by enabling ISPs (Internet Service Providers) and any organisations receiving emails to check that incoming mail is authenticated. T However, in order for it to work, the political parties in Europe need to publish a DMARC “reject” policy, which none of them has done to date.
When examining the main political parties of UK, Germany and Norway, only the UK Liberal Democrats and the UK Green Party have put a DMARC “none” policy record in place. While this is a good start and shows they have the intent to protect themselves and the public, it is not yet sufficient to provide any protection. To block spoofing, these organisations need to take the steps to move to DMARC “quarantine” or preferably “reject”, to put unauthenticated messages in the SPAM folder or block them outright. DMARC policies are publicly available through DNS records and you can look up any political party’s policy here.
Dr Markus Jakobsson, Chief Scientist at Agari, comments: “This is a disaster waiting to happen. It appears that in spite of the now infamous email attacks that have blighted two elections in recent months, political parties are still showing no signs of even acknowledging that they need email protection. DMARC allows organisations to make it impossible to spoof their email domains. In the absence of a DMARC policy and protection against identity deception, anybody can write an email that appears to come from an unprotected organisation and have it delivered to the unwitting victim-to-be.”
“Take the Macron attack last month, where there were several email accounts associated with Macron’s campaign that were compromised in a spear phishing attack – none had a DMARC policy that would have defended against spoofing. As we head into the next election campaigns, only two UK political parties have a DMARC policy, but neither has it configured to block malicious traffic.”
“Moreover, most organisations, including political parties, use antiquated inbound email filters, with no protection against identity deception. If an organisation simply uses a spam filter, all they avoid is getting unwanted Viagra advertisements — they have no protection against phishing emails. Similarly, and sadly, even those that do have phishing filters only have partial protection, since traditional phishing filters rely on the blacklist paradigm, which is not applicable to spear phishing attacks. It is vital for political organisations to recognise the risks they are taking by not addressing this problem.”
In order to prevent these cyberattacks and preserve free and fair elections, Agari is offering the Agari Email Trust Platform and its email security expertise free of charge to political parties in the run-up to the UK, German and Norwegian elections in 2017. Agari has visibility into 70% of global inboxes, including the John Podesta and Macron campaign staff gmail accounts that were targeted in the U.S. and French elections.
Jakobsson concludes: “Enterprises have, increasingly, woken up to the threat they are facing and are starting to deploy the appropriate security countermeasures. It is time for political parties to recognise what is at stake and do the same.”
The Agari Email Trust Platform verifies trusted email identities based on insight into 10 Billion emails per day to stop advanced email threats that use identity deception. Agari protects the inboxes of the world’s largest organisations from the number one cyber security threat of advanced email attacks including phishing, spear phishing and business email compromise.
 

FacebookTweetLinkedIn
Tags: attackCyberelectionsemailsecurityTechnology
ShareTweetShare
Previous Post

HP Inc wireless mouse can be spoofed

Next Post

Global survey reveals that most people are ill equipped to deal with ransomware

Recent News

man looking sad

Security pros say their mental health has declined

May 13, 2022
@ symbol

NCSC launches free email security check

May 12, 2022
warning colours

Five Eyes urges organisations to secure supply chains

May 12, 2022
industrial lab

CNI firms see cyberattack surge

May 11, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information