We’re all familiar with public and private-sector organizations, financial institutions, entertainment businesses and even police forces falling victim to cyberattacks. Now the computer systems used to run elections in the American states of Illinois and Arizona have been added to the list of victims. Hackers have apparently accessed the records of over 200,000 voters in Illinois alone, including names and addresses, dates of birth and in some cases, the last four digits of Social Security numbers and driver’s license or state ID numbers.
While it looks likely that the aim of the attack was to steal personal data, rather than a trial run at changing the possible outcome of an election, the FBI issued an Amber Flash Alert following the attacks, with the aim of informing private companies about cyber threats that may affect them. This particular alert identifies the penetration testing tools used in the attacks against the electoral computing systems in Arizona and Illinois and, interestingly, the source IP addresses from which the attacks came.
The fact that these IP addresses were identified – and, just as importantly, that the FBI saw fit to communicate them widely – underlines the increasingly important role of IP address monitoring and blocking in corporate cybersecurity strategies.
IP filtering and blocking is based on the simple principle that a significant proportion of the traffic hitting networks never even needs to touch your perimeter – either because it originates from geographical areas where you currently don’t do business and have no plans to do so, or because it originates from compromised or malicious IP addresses that are known to distribute malware, launch phishing attacks, control botnets and so on. The former traffic type is likely to be suspicious because there is no reason for it to be communicating with your organization, while the latter traffic type is almost certainly suspicious because its sources are known to be malicious.
In either case, there is simply no need for that traffic to reach your network at all – and by blocking it from doing so, you can slash your chances of falling victim to a cyberattack, while simultaneously reducing your network’s attack surface.
In the case of these electoral computer systems, had IP filtering and blocking been in place, then the seven IP addresses identified by the FBI as the source of the attacks could simply be blocked from communicating with the electoral systems in question, cutting off the attack at source and disenfranchising the attackers.
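As an added example (not code from Clavister or from the original post), the following Python script applies both principles described above to constructed firewall log lines: a reputation blocklist loaded from a shared indicator list in the style of an alert, and a GeoIP check against the countries an organisation actually deals with. Every address, the indicator list, the GeoIP table and the log lines are made up for the example, using RFC 5737 / RFC 3849 documentation ranges; none of them are the addresses from the FBI alert.

```python
import ipaddress
import re
from collections import namedtuple

# Indicator list in the style of a shared alert: one IP or CIDR per line,
# '#' comments allowed. Constructed documentation addresses, not real IoCs.
INDICATOR_TEXT = """
# example indicators (constructed)
203.0.113.0/24
198.51.100.7
"""


def load_indicators(text):
    """Parse an indicator list into network objects; a bare IP becomes a /32 (or /128)."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


REPUTATION_BLOCKLIST = load_indicators(INDICATOR_TEXT)

# Constructed GeoIP table (prefix -> ISO country code). A real deployment would
# query a GeoIP database; these country assignments are invented for the example.
GEOIP_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "SE",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "XX",
}

# Countries the organisation does business with (an assumption for the example).
ALLOWED_COUNTRIES = {"SE", "US"}

Decision = namedtuple("Decision", "allowed reason")


def lookup_country(ip):
    for net, country in GEOIP_TABLE.items():
        if ip in net:
            return country
    return None


def decide(src):
    """Return a Decision for a source address string.

    Reputation indicators are checked first, so a flagged host inside an
    otherwise allowed country is still blocked. Addresses that cannot be
    parsed or geolocated are denied by default.
    """
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return Decision(False, "invalid-address")
    for net in REPUTATION_BLOCKLIST:
        if ip in net:
            return Decision(False, f"reputation:{net}")
    country = lookup_country(ip)
    if country is None:
        return Decision(False, "geoip:unknown")
    if country not in ALLOWED_COUNTRIES:
        return Decision(False, f"geoip:{country}")
    return Decision(True, f"geoip:{country}")


# Constructed perimeter log lines in a simple key=value format.
SAMPLE_LOG = """\
2016-08-29T10:15:01Z src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=443
2016-08-29T10:15:02Z src=203.0.113.45 dst=10.0.0.5 proto=tcp dport=22
2016-08-29T10:15:03Z src=198.51.100.7 dst=10.0.0.5 proto=tcp dport=443
2016-08-29T10:15:04Z src=198.51.100.8 dst=10.0.0.5 proto=tcp dport=443
2016-08-29T10:15:05Z src=2001:db8::1 dst=10.0.0.5 proto=tcp dport=443
2016-08-29T10:15:06Z src=not-an-ip dst=10.0.0.5 proto=tcp dport=443
"""

SRC_RE = re.compile(r"\bsrc=(\S+)")


def filter_log(log_text):
    """Apply decide() to every log line; return (allowed_srcs, blocked) where
    blocked is a list of (src, reason) tuples."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        src = m.group(1)
        d = decide(src)
        if d.allowed:
            allowed.append(src)
        else:
            blocked.append((src, d.reason))
    return allowed, blocked


if __name__ == "__main__":
    ok, dropped = filter_log(SAMPLE_LOG)
    print("allowed:", ok)
    for src, reason in dropped:
        print(f"blocked {src:<16} {reason}")
```

Two design choices are worth noting. The reputation check runs before the geographic one, so an indicator published in an alert overrides a country that is otherwise allowed. And anything the filter cannot classify, whether an unparseable address or one with no GeoIP match, is dropped rather than passed, which is the default-deny posture the paragraphs above argue for.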
We recently blogged about the ability of Clavister’s GeoIP capability to greatly reduce the risk of falling victim to distributed denial of service (DDoS) attacks – which is why it’s an integral feature of our next generation firewalls. It’s a simple, but very powerful layer of defense for your networks, and a strong vote in favour of better security.