Microsoft said Aug. 21 that it had shut down six disinformation and spoofing internet domains operated by the Russian cyber-espionage group Strontium, also known as APT28 or Fancy Bear.
The company announced its actions in a blog post by its president, Brad Smith, who said that Microsoft had obtained a court order transferring the domains to the company, enabling it to shut them down.
The six domains were attempts to spoof the Hudson Institute and the International Republican Institute, as well as several U.S. Senate web domains. Smith noted that while this particular set of actions involved domains aimed at Republicans, the group has also targeted Democrats, including the now well-known attack on the Democratic National Committee in 2016.
Smith said that the take-down of the Russian sites is the 12th time Microsoft has done this in the past two years. The company’s Digital Crimes Unit has shut down 84 fake websites associated with the Strontium group of Russian cyber attackers.
The number and seriousness of such attacks have prompted Microsoft to launch its new AccountGuard service, a suite of free security services for organizations involved in the U.S. political process.
“Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Smith said in his blog. “Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”
“Today’s announcement by Microsoft highlights that the ongoing cyber-threats posed by Russia are very real,” Senator Mark Warner (D-VA), vice-chairman of the Senate Intelligence Committee, told eWEEK in an email.
“Russia’s cyber-attacks didn’t stop after 2016, and it’s clear that they’ve set their eyes on the upcoming 2018 midterm elections. We all need to step up and work together to defend the sanctity of our democratic process against Russia’s ongoing sophisticated cyber-aggression.”
In other words, it looks as if the Russians may be gearing up to try to influence this year’s elections as they did in 2016. The difference is that this time a number of companies are aware this is happening and are taking steps to blunt the attacks. Facebook has been trying to get a handle on fake news and disinformation campaigns run by the same threat actors that abused its platform before. Twitter has been purging millions of fake accounts.
Microsoft’s AccountGuard seeks to help solve the problem more directly. According to a blog by Tom Burt, Microsoft’s corporate vice president for customer security and trust, the company will now start offering organizations involved in some way with the U.S. political process a suite of security services at no charge. Any such organization that wants to use AccountGuard has to use Microsoft Office 365 to register.
The first offering is unified threat detection and notification across accounts. The accounts can include those used by the organizations as well as the personal accounts used by staff members, leaders and even surrogates and campaign volunteers who choose to opt in.
The reports come from Microsoft Threat Intelligence Center and could help prevent exactly the sort of attack that caused disruption within the Democratic National Committee in 2016 when the organization’s emails were publicly disclosed by Russian hackers working with WikiLeaks.
Equally important, Microsoft’s AccountGuard will provide security guidance and training to organizations and staff to help them manage their security at the levels required by today’s sophisticated cyber-threats. Security awareness is a continuing problem for campaign organizations because they’re staffed largely by volunteers with little IT training and high turnover who are generally unfamiliar with basic online security practices.
Microsoft will also provide private security briefings that it typically provides to large enterprises to the protected organizations. The briefings will include advice on the latest technology and address an organization’s specific security needs. These services will also be offered to non-profits and non-governmental organizations that focus on education, analysis, research or the advancement of democracy. Vendors who primarily service such organizations are also eligible, according to Microsoft.
As significant as Microsoft’s efforts are, there are limits. “It’s important to note that Microsoft cannot solve this problem alone,” Burt said, calling on all parties with a stake in the U.S. political process to take part.
“To be successful in defending democracy, technology companies, government, civil society, the academic community and researchers need to come together and partner in new and meaningful ways.” Burt notes that AccountGuard can only protect Microsoft customers, but he adds that the company is working hard to encourage other technology companies to take similar steps and to find ways to work together.
But there has to be a larger involvement than just tech companies and those directly affected in political activities. The attacks by Russia on democracies, as important as they are, are just part of a greater effort to press a related but wide-ranging series of attacks on businesses in the U.S. and its allies.
These attacks, which come from government-directed groups in China, North Korea, Iran, Syria, Venezuela and Cuba, seek to hurt businesses and critical infrastructure and to steal intellectual property and production secrets, while sowing dissension and distrust as widely as possible.
This means that it’s critical for all businesses, whether they hold such information or not, to protect themselves as if they were guarding important data. Those attackers are not necessarily targeting you, but rather information on your business relationships or even your company address book, any of which can be used as another step toward their ends. A phone list stolen from your company’s network could easily provide the critical piece of data required to break into the network of a defense contractor, which in turn could provide access to other critical networks.
Even if you think your IT department is far from the world of politics, it’s critical that you protect it as if it were directly involved. You don’t want your network to provide the critical link for a higher profile attack.