Lack of Security Awareness Training Allowed Russians to Hack American Election

KnowBe4, provider of the world's largest security awareness training and simulated phishing platform, analyzed the official indictment of the Russian GRU officers charged with interfering in the 2016 U.S. presidential election.

According to Stu Sjouwerman, CEO of KnowBe4, and Kevin Mitnick, KnowBe4's Chief Hacking Officer, the GRU officials used the same tradecraft that cybercriminals use daily and that white hat penetration testers use to test their clients' controls: social engineering methods including spearphishing. This further proves that hackers of all motives continue to target humans, as they're known to be the path of least resistance and one that can be easily broken.

The indictment showed that the Russian hackers targeted more than 300 people and covertly hacked and monitored dozens of computers, secretly implanting a hacking tool that the GRU called X-Agent. The malware allowed operatives in Moscow to remotely take screenshots and capture keystrokes of Democratic Party employees as they tapped on their computers, the indictment states. The GRU team then used another program, called X-Tunnel, to extract gigabytes of stolen documents through encrypted channels.

"After reading the Russian indictment I was surprised to see that the Russians use the same exact methods we use to test our clients' security controls. Our security engineers have never failed to get in when we can use social engineering (phishing, etc.) during an assessment," stated Kevin Mitnick, KnowBe4's Chief Hacking Officer. "The biggest takeaway was that spearphishing is *still* the easiest way the bad guys get in. Why the DNC didn't use Multi-Factor Authentication is beyond me. I believe it is the lack of security awareness training that made it easy for the Russians to hack our election."

KnowBe4's complete analysis is available on its blog in a post titled "Russian Indictment: They Used Criminal TradeCraft Like Spearphishing to Hack the Democratic Party".

It is important to know what percentage of your users are vulnerable to social engineering attacks. For customers and non-customers alike, KnowBe4 recommends using its free Phishing Security Test to find out what the Phish-prone percentage of your company's users is.

About KnowBe4

KnowBe4, the provider of the world's largest integrated security awareness training and simulated phishing platform, is used by more than 19,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4's Chief Hacking Officer, helped design KnowBe4's training based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.

KnowBe4 is number 231 on the 2017 Inc. 500 list, #70 on 2017 Deloitte's Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida, with European offices in England, the Netherlands and Germany, and offices in South Africa and Singapore.


Source: CISION
