How Microsoft spotted another Russian hacking attempt

How Microsoft spotted another Russian hacking attempt

How Microsoft spotted another Russian hacking attempt: On Monday Microsft said they spotted another hacking attempt from Russian groups to hack the political organizations. And that attack came from a group of professional hackers who are working for the Russian government.

Microsoft making a great effort in finding the fake websites, they are not just finding them, they are taking down all those fake websites.

According to Cnet, Microsoft is in a unique position to tackle with these hacking attempts. That’s because its services are the backbone of many workplace email systems, so spoof websites impersonate the company.

The tech giant keeps an eye out for web domains it doesn’t control that pose as Microsoft login or password-reset pages. Such domains are clear sign hackers are trying to fool web users into handing over their usernames and passwords, which the hackers can then use to steal emails and documents.

In the hacking world, this term called phishing where the hacker tries to fool the users by creating a fake web page to steal user’s data.

This is similar to hacking attempt happened in 2016 to John Podesta, then head of Hillary Clinton’s presidential campaign. Podesta was using the email services from Gmail and reportedly he received an email where the email was prompting him to enter his username and password. He clicked on that link and hackers made off with a collection of his emails, which were later made public.

This type of attempts are generally very common these days, where hacker design an email that looks original. In layman term, it is called as social engineering. The only way to tackle with these types of attempt is to just ignore them and do nothing as well make sure you checked the full sender address before clicking.

Which groups were targeted?

This time, the hacks targeted the International Republican Institute and the Hudson Institute, both of which count Republican senators among their members, as well as three websites affiliated with the Senate.

The International Republican Institute’s mission is focused on building democracy abroad, and the Hudson Institute fosters conversations on national security and foreign policy.

“We can only assume that this attack was intended to gather information about, and compromise or otherwise disrupt Hudson’s longstanding democracy-promotion programs, and in particular, our initiatives to expose the activities of foreign kleptocratic regimes,” the Hudson Institute said in a statement Tuesday.

The International Republican Institute pointed to the threat of hacking attempts from foreign regimes.

“Cyberattacks have become one of the preferred tools of authoritarians around the world to harass and undermine independent organizations and democratic governments,” the organization’s president, Daniel Twining, said in a statement Tuesday.

How often is Microsoft seeing hacking attempts like this?

The company isn’t finding a hack every day, but it’s taken down a lot of spoof sites.

“We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group,” Microsoft President Brad Smith wrote in a blog post published Monday that details the new hacking effort.

How can political groups — and everyone else — protect themselves?

The first line of defense is to use two-factor authentication. That stops hackers from using your stolen username and password to log in to your accounts.

Two-factor authentication is a login system that requires an extra piece of information, in addition to your username and password. It can be a one-time code generated on an app on your phone or a physical token that connects to your device wirelessly or through the USB port.

Tech companies have a big role to play too. In addition to Microsoft’s efforts to spot and take over spoofing websites, the company’s Outlook service can filter out the fraudulent emails that hacking targets often receive prompting them to click on a link to the fake site.

On Monday, Google security engineer Shane Huntley wrote in a blog post that Google does its best to filter out these phishing emails from Gmail. Google also sends warnings to users it finds are being targeted by a government-backed hacking effort. (Hunt also encouraged users to adopt token-based two-factor authentication if they believe they’re at risk.)

Finally, companies are developing specialized tools for political campaigns and others at risk from this kind of hacking. At the same time it disclosed the Russian hacking attempt, Microsoft said its new AccountGuard tool will protect political organizations’ accounts free of charge. What’s more, secure-messaging companies like Wickr and Signal are working with campaigns to encourage them to keep sensitive messages and documents out of their regular email.

How does this fit into the big picture of election hacking?

All these hacking attempts use the same set of strategies Russians allegedly used in 2016 to sow chaos in the lead-up to the US presidential election.

The 2016 hackers, who US agencies said were under direct orders from Russian president Vladimir Putin, made stolen information public. Other hacking campaigns focused on probing voter registration databases and elections websites for vulnerabilities.

So far in 2018, large troves of emails haven’t been made public, and cybersecurity experts and law enforcement officials haven’t identified any successful hacking attacks.

Beyond hacking, Russians at the Internet Research Agency allegedly ran misinformation and influence campaigns on social media platforms including Facebook, Twitter, YouTube and Reddit in 2016.

Many of those activities appear to continue today, and Facebook announced earlier this month that it had identified and taken down 32 accounts, pages, and events affiliated with a coordinated campaign to influence the platform’s users.

Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware