New evidence has connected the Democratic National Committee attacker, known as Fancy Bear, to the phishing scheme that targeted email accounts associated with the Hillary Clinton campaign.
An investigation by Atlanta-based cybersecurity firm SecureWorks Inc. uncovered a malicious link, created with the Bitly URL-shortening service, that hackers used to gain access to the Gmail account of Clinton campaign chairman John Podesta. The Bitly account used to create the link was connected to a domain controlled by the advanced persistent threat known as Fancy Bear, which has reportedly been behind a number of attacks on political organizations.
The link sent to Podesta was reportedly one of 9,000 malicious links created by Fancy Bear in order to target close to 4,000 individuals between October 2015 and May 2016. Podesta followed the malicious link on March 19, 2016, giving attackers access to his account. Former Secretary of State Colin Powell also had his account compromised in the same way.
The attacks eventually led to the release of thousands of Podesta's emails by WikiLeaks. Fancy Bear is the attacker said to be behind the hack of the Democratic National Committee and allegedly has connections to the Russian government. The White House has asserted that Fancy Bear works under orders from the Kremlin and intends to interfere with the U.S. election process.
According to a report by Motherboard, SecureWorks has been following the Fancy Bear trail for the past year, allowing the firm to connect the command-and-control domains with the malicious links, the Bitly account and the phishing scheme.
Experts said these sorts of attacks will continue to be successful as long as humans can be targeted.
Rick Holland, vice president of strategy for Digital Shadows, based in San Francisco, said people are a weak point, but IT can do more.
"Oftentimes, the victim is blamed for successful phishing attempts when the security controls that are in place are culpable as well," Holland told SearchSecurity. "Humans will always be the weakest link, so, unfortunately, there is no way to keep us from being successfully phished. This doesn't mean organizations should give up on security-awareness training. Awareness will reduce the amount of successful phishing attempts, freeing up the security team to focus on the detection and response for those that have clicked."
Mike Patterson, vice president of strategy for Rook Security Inc., based in Indianapolis, said attackers are getting better at creating phishing campaigns that appear legitimate.
"Attackers have gotten very good at crafting spear-phishing messaging that looks very similar to forms of genuine communication their victims see every day. If attackers compromise a real account belonging to a person their intended victim implicitly trusts, it becomes easier still," Patterson told SearchSecurity. "Attackers have to be right just once, and they have as many shots to take as they want. Security-awareness training can be incredibly valuable, but across a wide enough attack surface, attackers are bound to succeed at some point."