Nation-state sponsored attacks on political parties during elections is now the norm, as highlighted by attacks on the En Marche! party in the French Presidential elections and the attacks on the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and nearly all Democrats in the House of Representatives in the lead up to the U.S. Presidential election last year.
This week, the UK’s NCSC, part of GCHQ, issued guidance to candidates and political parties in the general election and earlier today the BBC reported that the NCSC have asked candidates, including recent MPs, to look through their emails for signs that they have been targeted by a phishing attack.
The targeted email attacks in the U.S. and France used identity deception, either by spoofing gmail or the email domain of the political party, to trick users into giving up their passwords or sending out confidential data. These attacks avoided using any malware or known malicious URLs to evade detection by either traditional secure email gateways or even advanced persistent threat (APT) detection methods. There are two key defenses required to protect against these types of attacks. First, organizations need a system that analyzes all inbound emails into the organization for untrusted email attempting to impersonate a trusted entity. Second, organizations should implement email authentication using the open standard DMARC.
Despite the frequency of these attacks and upcoming national elections, Agari has discovered that none of the UK, German or Norwegian political parties are taking advantage of DMARC which could help prevent such leaks, reputational damage and potential for influencing the outcome of their upcoming elections.
When examining the main political parties of UK, Germany and Norway, only the UK Liberal Democrats and the UK Green Party had a DMARC “none” policy record in place, but had not taken the steps to move to DMARC “quarantine” or “reject” in order to put unauthenticated messages in the SPAM folder or block them outright.
The UK’s NCSC, part of GCHQ, has been vocal in encouraging both public and private sector organizations to adopt the open standard to protect themselves, taking the lead from the Financial Services industry who widely leverage these tools for email authentication.
In a recent article, Ian Levy of the NSCS commented: “There exists already a number of internet standards that can help tackle spoofing, including SPF, DKIM and DMARC. We’ve already published with GDS an email security standard that includes, among lots of other things, DMARC and that’s going to become mandatory soon for government.”
We see similar efforts at a departmental level in the US. Former CIO at U.S. Customs and Border Protection, Charles Armstrong, recently commented: “Cybersecurity is important for the nation — not just the government but the citizens and corporations. The DMARC protocols that were established a few years back are out there, and companies are implementing solutions to help go after some of these top threats that are being executed for email: whether it’s spoofing, phishing or anything fraudulent through the use of email.”
In addition to establishing a DMARC policy that protects them and their supporters, political parties should also strongly consider protecting their own operatives. This can be done by leveraging security products that detect identity deception, which is the most prominent tool used by attackers launching targeted attacks.
As a result of these findings, Agari is offering it’s Email Trust Platform free of charge to political parties in the run up to the UK, German and Norwegian elections in 2017.
The Agari Email Trust Platform provides:
For more information about this offer, please contact firstname.lastname@example.org.