Your Voter Registration Needs ‘Extra Details’ – The Latest Phishing Lure

by Nov 3, 2020Enterprise Security, Identity, Remote Access, Zero Trust

Today is election day, and 100 Million people have already voted. In all probability, this year’s total number of voters is on pace to exceed 2016 elections. While the voting is on, there is a real concern over disinformation campaigns that might affect the outcome. Recently, Trustwave published an article stating that 186 million voters’ information had been posted online. Over 400 potential data points are provided about each individual.

With all of this information out there, cybercriminals are using it, and are tapping into political frenzy with a new phishing lure. This cyber-attack starts with a message that warns U.S. targets that their voter registration data needs extra details. The message purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. The message contains a URL, which leads to a spoofed web page that steals a variety of targets’ personal data, including name, date of birth, mailing address, email address, Social Security number and driver’s license data.

If someone were to complete the above form and submit, they could face a litany of issues and problems down the road:

  • Stolen personal information can be used to harm companies
  • Stolen personal data is used for future target phishing attacks and extortion
  • Stolen personal information is fuel for identity theft
  • Hackers can sell personal data to other criminals
  • impact of corporate security, impact on remote users, and on and on

How can Elisity help?

Elisity Cognitive Trust (ECT) flips the traditional way of managing security on its head. Instead of the traditional “trust but verify” method of managing access to- and on a corporate network, ECT works a bit differently, requiring that all traffic, users, applications, hosts, devices, can be authorized only if they have an explicit policy.

Additionally, when an app/device/user/etc. is verified, the trust granted only applies to that one connection. So, every time a communication is initiated on a cognitive trust network, the “what” trying to connect must be verified again to ensure that a threat actor hasn’t intercepted the communication, isn’t hiding inside approved controls, or hasn’t dropped malware onto the system.

So, how does this all help with compromised user data? In a cognitive trust secure network, all systems— servers, applications, databases, hosts, etc.—run on the principle of least privilege. This means that only systems/apps/etc. that require access to another system/app/etc. are configured to send and receive communication to and from other network connections.

ECT enables:

  • Detection of risky user devices
  • Detection of user is authentication from a different device
  • Learning of device vulnerabilities and security posture from other enterprise vulnerability management systems, and control access to the device

What else can ECT do?

  • Monitor behavior of user not just at entrance but throughout the session (continuous monitoring), contrast this with our competitors who just monitor risk at the time of authentication
  • Monitor behavior and automatically provide policies relevant for a user
  • Audit for all authorized connections

With the capabilities of ECT, your business is more protected, and better prepared to respond to an attack. To learn more about ECT, please see our datasheet: Solving the Challenge of Secure Enterprise Access.

 

 

 

 

Categories

Archives