Share this
Your Voter Registration Needs ‘Extra Details’ – The Latest Phishing Lure
by Shivan Mandalam on Nov 3, 2020 8:00:00 AM
Today is election day, and 100 Million people have already voted. In all probability, this year’s total number of voters is on pace to exceed 2016 elections. While the voting is on, there is a real concern over disinformation campaigns that might affect the outcome. Recently, Trustwave published an article stating that 186 million voters’ information had been posted online. Over 400 potential data points are provided about each individual.
With all of this information out there, cybercriminals are using it, and are tapping into political frenzy with a new phishing lure. This cyber-attack starts with a message that warns U.S. targets that their voter registration data needs extra details. The message purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. The message contains a URL, which leads to a spoofed web page that steals a variety of targets’ personal data, including name, date of birth, mailing address, email address, Social Security number and driver’s license data.
If someone were to complete the above form and submit, they could face a litany of issues and problems down the road:
- Stolen personal information can be used to harm companies
- Stolen personal data is used for future target phishing attacks and extortion
- Stolen personal information is fuel for identity theft
- Hackers can sell personal data to other criminals
- impact of corporate security, impact on remote users, and on and on
How can Elisity help?
Elisity Cognitive Trust (ECT) flips the traditional way of managing security on its head. Instead of the traditional “trust but verify” method of managing access to- and on a corporate network, ECT works a bit differently, requiring that all traffic, users, applications, hosts, devices, can be authorized only if they have an explicit policy.
Additionally, when an app/device/user/etc. is verified, the trust granted only applies to that one connection. So, every time a communication is initiated on a cognitive trust network, the “what” trying to connect must be verified again to ensure that a threat actor hasn’t intercepted the communication, isn’t hiding inside approved controls, or hasn’t dropped malware onto the system.
So, how does this all help with compromised user data? In a cognitive trust secure network, all systems— servers, applications, databases, hosts, etc.—run on the principle of least privilege. This means that only systems/apps/etc. that require access to another system/app/etc. are configured to send and receive communication to and from other network connections.
ECT enables:
- Detection of risky user devices
- Detection of user is authentication from a different device
- Learning of device vulnerabilities and security posture from other enterprise vulnerability management systems, and control access to the device
What else can ECT do?
- Monitor behavior of user not just at entrance but throughout the session (continuous monitoring), contrast this with our competitors who just monitor risk at the time of authentication
- Monitor behavior and automatically provide policies relevant for a user
- Audit for all authorized connections
With the capabilities of ECT, your business is more protected, and better prepared to respond to an attack. To learn more about ECT, please see our datasheet: Solving the Challenge of Secure Enterprise Access.
Share this
- Blog (30)
- Cybersecurity (13)
- Zero Trust (12)
- Enterprise Security (10)
- Identity (5)
- Elisity (4)
- Enterprise Architecture Security (4)
- Network Security (4)
- Remote Access (4)
- microsegmentation (3)
- Black Hat (2)
- Identity and Access Management (2)
- blogs (2)
- Adaptive Trust (1)
- MITRE (1)
- News (1)
- Software Supply Chain Security (1)
- case study (1)
- cyber resilience (1)
- November 2024 (2)
- October 2024 (7)
- September 2024 (5)
- August 2024 (3)
- July 2024 (4)
- June 2024 (2)
- April 2024 (3)
- March 2024 (2)
- February 2024 (1)
- January 2024 (3)
- December 2023 (1)
- November 2023 (1)
- October 2023 (2)
- September 2023 (3)
- June 2023 (1)
- May 2023 (3)
- April 2023 (1)
- March 2023 (6)
- February 2023 (4)
- January 2023 (3)
- December 2022 (8)
- November 2022 (3)
- October 2022 (1)
- July 2022 (1)
- May 2022 (1)
- February 2022 (1)
- November 2021 (1)
- August 2021 (1)
- May 2021 (2)
- April 2021 (2)
- March 2021 (3)
- February 2021 (1)
- November 2020 (2)
- October 2020 (1)
- September 2020 (1)
- August 2020 (3)
No Comments Yet
Let us know what you think