CISA Warns Election-Related Entities to Be on Watch for Phishing Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned election-related entities to be on the lookout for phishing attacks.

In an insight piece published on September 10, CISA highlighted malicious actors’ preference for phishing attacks in their efforts to target political parties, think tanks and other entities that might be involved in an election.

The security agency noted that malicious actors could use a successful phish to lay the groundwork for secondary attacks. For instance, those nefarious individuals could use a compromised password to conduct password spraying attacks against multiple web accounts of a single user. They could also use an exposed set of credentials to launch brute-force attacks.

Responding to those threats, CISA recommended that election-related entities take several steps to enhance their email security.

First, it emphasized the importance of organizations using provider-offered services such as multi-factor authentication (MFA) and advanced protection tools.

Second, it noted that organizations could better secure their users’ accounts with the help of MFA, a password manager, a breach monitoring service and guidelines that encourage “user-friendly” passwords consisting of multi-word sequences instead of combinations containing symbols and/or numbers.

Third, it urged organizations to uphold authentication and reduce the likelihood of spoofed phishing emails by enabling STARTTLS, disabling outdated protocols, implementing SPF and DKIM as well as ideally configuring a “reject” DMARC policy.

Finally, it recommended that organizations configure their email gateway solutions to detect phishing emails with the help of updated blocklists, header screening an ..
