Diplomatic networks carry some of the world’s most sensitive information: communications between world leaders, key technical intellectual property, trade strategies, and military plans. A recent report by antiphishing vendor Area 1 Security reveals that a three-year-long cyberattack led to the successful breach of the European Union’s diplomatic communications network. By focusing on the cybersecurity of the weakest link — the Ministry of Foreign Affairs for Cyprus — the information of all EU-28 member states has been compromised. Area 1 attributes the attack to the Strategic Support Force (SSF) of the People’s Liberation Army (PLA) of China.
The breach led to the disclosure of sensitive conversations between European Union officials discussing topics such as US President Donald Trump, Iranian sanctions, and Russian activity in Ukraine. Like all diplomatic communications, these include strategic goals, negotiating positions, ruminations on the mental state of various world leaders, and the potential implications of items being discussed by each party. The participants had no idea they were being monitored by an adversary. As far as they knew, they were using a secure network to share this information.
Impact On The European Union
The thoughts shared in supposedly private circumstances “among friends” is highly damaging for the European Union. For example, the private disagreements that underlie the EU’s united front on issues such as Brexit, the response to sanctions and foreign policy coordination among member states, and the division and opinions within the diplomatic corps all being brought to light is extremely unhelpful. This damages the position of the Union in terms of how it responds to the rise of China and an increasingly assertive Russian foreign policy.
This attack shows the need to consider cybersecurity as a factor in geopolitical world-power considerations. Being compromised in this way, and having its deepest secrets exposed, weakens the hand of the EU in dealing with sensitive foreign policy decisions and trade negotiations. Armed with the innermost thoughts of EU officials, adversaries have an advantage in negotiations.
“Sophisticated” Techniques Weren’t Needed
The initial breach of this secure network wasn’t caused by a highly technical attack. Instead, a simple phishing email directed toward the Ministry of Foreign Affairs in Cyprus led to the breach of the COREU network, which is shared among the 28 EU countries. The attacker techniques described by Area 1 were “technically unremarkable.” As happens all too often, attackers found their way to the treasure trove by exploiting a weak point.
Prioritize Phishing Protection As Part Of Your Security Strategy
Many organizations focus their cybersecurity strategy on threat detection and buying tools to detect the most advanced threats. Email security, and therefore antiphishing, then typically becomes a lower priority and is usually delegated to junior staff. As is evidenced by this cyberattack, which was allegedly conducted by one of the most sophisticated threat actors in the world, the simplest attacks can have the most damaging outcomes.
Due to their manipulative nature, phishing emails are quite difficult to detect and block. They target their victims by masking malicious links and attachments to mimic routine tasks or urgent requests. The attacker may sit in your network for months, observing the comings and goings of company correspondence to craft the perfect personalized email that fools even experienced S&R pros. Phishing prevention requires a layered approach that includes:
- Email content security. Filter out obvious spam and phishing attempts.
- Antimalware detection. Block malware before it infects users.
- Browser isolation technology. Stop users from divulging credentials or downloading malware.
- Email authentication. Stop impersonation attacks such as spoofing and business email compromise (BEC).
- Security awareness training and testing. Arm your users with knowledge and techniques to deflect phishing attempts.
- Multifactor authentication. Guard against credential theft.
Follow Zero Trust Principles To Protect Sensitive Data
Forrester’s Zero Trust eXtended (ZTX) framework requires organizations to identify and protect sensitive data by segmenting networks into secure microperimeters and controlling access to those systems by continually evaluating access rights. If an attacker does evade your defenses and gain access, you can’t wait for the attacker to make a mistake to discover them. Employ security analytics tools or managed detection and response (MDR) services to discover attackers hiding in your network instead of allowing them to persist there for years undiscovered.
Forrester is addressing the topic of phishing prevention in two upcoming reports, both scheduled to publish in early 2019:
- Now Tech: Antiphishing Solutions, Q1 2019
- Best Practices: Preventing Phishing Attacks