petronella

29 Dec 2016

We may never know exactly what happened to American electorate system during 2016, who was responsible, or how it influenced the election. But there was one insight into the 2016 election hacking that will give you a true insight into what happened without any political slant. Plus, if you read more you’ll find out about a type of cyber-trap that you could’ve fallen into several times and never known it.

The Election Assistance Commission was set up in 2002 to help local officials run elections. The website was home to voting guidelines, administration information, and even helped make sure voting machines were secure. However, to access the information on the site you had to make an account and log in. And that’s what hackers preyed on. According to the Federal Times, hackers set up a watering hole on the login page to collect user login information. It’s estimated that hackers got access to 100 accounts and even some that had administrative privileges on the site. The good news is the EAC site doesn’t connect with any vote counting services. The bad news is that didn’t stop the hackers from trying to turn a profit. The hackers did try to sell the credentials online, which means that these credentials could be used as a starting point for larger hacks in the future.

And that’s not the end of the story either.

Because watering hole attacks are very real threats online today. Usually, hackers will target a specific group with a watering hole attack strategy based on the site they set up on. For example, in 2014 China linked hackers set up a malware on Forbes.com. By targeting Forbes, the hackers were going after leaders of various industries but they took it a step further. They set the program to specifically target people with links to the defense industry. These attacks are the reason why hackers try to sell off any private information, like viewing history, they can get their hands on. Because to set up one of these attacks, you must first know the sites that your target group frequents the most. If you’re going after the defense industry that could be Forbes, but if you’re going after a human rights group or one specific company it could be another site. Once a hacker has determined the best site to infect, they’ll find a vulnerability and inject their code. After that, all it takes one click and they can infect anyone visiting the page.

Watering hole attacks are dangerous because the victims usually can’t tell that they’ve been hacked, which means they’ll carry the malware to other devices and secure sites. This makes watering hole attacks especially dangerous for organizations with several employees. While the heads of a company or a hospital may have very secure devices and networks, they cannot guarantee that all their employee’s do. And since an employee will not know they’re infected they could easily infect an entire network. So, if you’re a private practice and you do everything right to protect your patient data, a simple watering hole attack could throw all that preparation out the window because of one employee.

But only if you let it. If you educate yourself and everyone with access to your network on how to tell if you’ve been hacked, what to do if you have been, and how to avoid malware in the first place you’ll be ten steps ahead of most other organizations and stand a chance against hackers all over the world.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top