Politicians under cyberattacks and 180 days for the adoption of 2FA

Secfense meta 2a

Recent cyberattacks show that politicians become victims of cybercriminals more and more often. What methods do criminals use and what steps can be taken to prevent them from stealing private data?

Politicians under cyberattacks

Is it even possible to prevent the attacks and the leak of confidential information? Many organizations – companies and offices – are hacked more often than ever through credential theft. Politicians from all over the world are being affected, as well. Leaks of important and confidential data from email accounts or badly secured applications are more and more frequent. One of the recent scandals concerns Poland where cybercriminals managed to take over the email account of the Chief of the Chancellery and published the content of official correspondence. But this is not a single case. Other countries are being attacked as well, as in the case of the United Kingdom. What is the criminals’ way of acting? How should politicians and employees of crucial national institutions behave to protect against such cases?

Recent cyber attacks in the UK

As the numbers are growing, the problem of email accounts takeover becomes from crucial national and medical institutions has become a concern for almost every country. In the past 6 months, attackers took over classified information related to British aid projects financed by National Security Council intended to counter-terrorism and building stability overseas. In February 2021, a breach of sensitive data was reported at Oxford University laboratories researching Covid 19.

“Cyberattackers obtain user online credentials through phishing scams”, Tomasz Kowalski, Secfense CEO, said. Secfense built User Access Security Broker solving to solve the issue of difficult adoption of strong authentication and, thus, unlocked the potential behind the Universal 2nd Factor standard, i.e. U2F. “This is exactly why everybody, especially, individuals with access to sensitive information, should use strong authentication based on multi-factor authentication (MFA). U2F or FIDO2 based authentication can give you the biggest level of security possible. The most important part of online security is to make sure that the person behind the computer is actually the person who is authorized to do so. And not a cybercriminal using a stolen password”.

180 days for the adoption of 2FA in the US

180 days for the adoption of 2FA in the US

The fact that multi-factor authentication (MFA) is a must nowadays is strengthened by the Executive Order on Improving Nation’s Cybersecurity issued on May 12th by the President of the USA urging the implementation of 2-factor authentication (2FA) for the Federal Government within 180 days. Solar Winds U.S. cyber-attack 2021 only made things more important and more urgent.

This type of security measure was lacking in the case of Michal Dworczyk, the Polish Chief of the Chancellery, which, on June 2021, resulted in his private email account takeover (which by the way was never under any circumstance supposed to be used for official correspondence). This hack caused quite a stir since strategic and strictly confidential information of state value was taken over by unauthorized people.

“According to the domain’s owner where the Polish politician’s account was hosted, the access to the account was obtained as a result of providing correct login and password”, Kowalski added. “It may be assumed that the cybercriminals either extorted the password from the Minister’s wife or took advantage of the fact that she used the same password in other services and obtained it from one of them”.

State matters kept on Gmail

The use of private email accounts for official business within state administration is not only a Polish flaw. According to Sky News, in 2020 alone, as many as 151 security breaches reported by the British Ministry of Defence were caused by the transfer of secret information from the government-secured network into private email accounts.

“Even the people who have access to the most confidential national information are hard to train and discipline. It is, therefore an imperative to speak loudly about comprehensive use of multi-factor authentication and about replacing passwords with better alternatives and therefore going passwordless.” Tomasz Kowalski further explains. “The second factor could be both physical keys or biometric scanners built into laptops or smartphones. It is crucial to secure all the apps used by employees and politicians. Luckily, there are a number of non-invasive ways to use any method of multi-factor authentication, including cryptographic keys, that does not require changes in application code and therefore can be easily introduced to any app“.

U2F Keys for the Polish Government

After Minister Dworczyk’s email leak scandal, talks about the purchase of physical cryptographic keys (U2F) for the Polish government have begun. However, whether the U2F keys will protect all the government applications and will politicians actually use them when they are ordered to do so remains in question.

Multi-Factor Authentication for Politicians

Either way, today, multi-factor authentication is considered the most effective protection against information theft, including obtaining sessions from logged-in users, phishing, and man-in-the-middle attacks. All of us and, especially, people holding state positions, should immediately stop using passwords as the only online authentication and security confirmation. It is the passwords, often weak and identical in numerous services, that are prone to easy theft, which may result in not only the owner’s stress but also in a political crisis.

How to protect against cyber attacks

What measures should government officials take to protect their data against cyberattacks?

  1. Start first with the use of different passwords in different services. Never duplicate passwords or use many variants of the same password on different apps only using additional numbers of symbols.
  2. The use of password managers with a strong password and strong authentication enabled is a good way to start.
  3. It’s highly recommended to implement two-factor authentication (2FA) whenever and wherever it is possible.
  4. Never send sensitive information through private email accounts.
  5. Allow automatic updates of operating system and key applications. This will help you avoid problems related to software bugs and security holes.
  6. Do not react when someone asks for immediate provision of data, whether the request comes from an application or through an email demanding immediate reaction, or from a fake bank representative calling with a request for the installation of a phone application. If it’s super urgent then always be aware!
  7. Use Signal communicator for important messages. Signal is currently the most secure messenger application. In contrast to Whatsapp, not only does it provide confidentiality but it also maintains privacy of all conversations as it does not collect any connection metadata, i.e. the messages are encrypted therefore the application does not know their content, it also does not know who the participants of a conversation are.

Get in touch

For more information about implementing strong authentication on any application and introducing passwordless authentication in your company talk to us using our chat or schedule a discovery call.

Antoni takes care of all the marketing content that comes from Secfense. Read More

Featured Articles

Keep In Touch

Read More

Passkeys and Regulatory Compliance: Aligning with PSD2, GDPR, HIPAA, and CCPA Standards

Passkeys, developed based on the FIDO Alliance’s FIDO2 and U2F standards, are cryptographic keys designed to replace traditional passwords, providing enhanced security without the vulnerabilities…
Avatar of Antoni Sikora Antoni Sikora

READ TIME 7 MIN

How to implement 2FA without relying on mobile phones

Cybersecurity specialists working in enterprise environments are well aware of the importance of strong authentication methods like FIDO and passkeys. These technologies offer strong, phishing-resistant…
Avatar of Antoni Sikora Antoni Sikora

READ TIME 4 MIN

Managing Authentication in the Aviation

Why Does the Aviation Industry Face Authentication Challenges? The aviation industry comprises a complex network of airlines, airports, third-party suppliers, government agencies, and other stakeholders….
Avatar of Antoni Sikora Antoni Sikora

READ TIME 3 MIN

Testimonials

We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk

CEO

Sandis

We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director

RKKVC

Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera

Partner

Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT

MPEC S.A.