Shane Huntley of Google’s Threat Analysis Group (TAG) announced on Twitter yesterday that a Chinese APT group had been targeting the Biden campaign, while an Iranian APT group had targeted the Trump campaign. Both groups targeted their intended victims through phishing attacks that are currently believed to have been unsuccessful. The Biden campaign told NPR, “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously. We will remain vigilant against these threats and will ensure that the campaign’s assets are secured.”
Phishing attacks are one of the simplest ways an attacker can gain access to the network. They’re cheap, and unfortunately, they still work well enough to be one of the most popular attacks as well. All organizations should have email security scanning and some form of security education and awareness training for their employees. These trainings can be as crucial as any other defensive measure put in place by the organization. Phishing emails can take on many forms depending on the target and all it takes is one mistake by an employee to begin a possible intrusion. The Democratic National Committee has also released a checklist covering numerous topics including disk encryption, password managers, multi-factor authentication and more which can be found at https://democrats.org/wp-content/uploads/sites/2/2020/05/Device-and-Account-Security-Checklist-2.0-v2-May-2020.pdf.