INTRODUCTION: The
American political landscape is complex, and profiling the attack surfaces for
any federal political operation is difficult as campaigns adopt new marketing,
social media, and fundraising methods. There are also different motivations for
each cyber actor that may overlap.
The
different categories of political players are diverse as candidates have
political action committee (PAC) allies, national political committees, and
major events such as each party’s national convention. This is also compounded
by the long political and business histories of each party’s nominee: Hillary
Clinton and Donald Trump.
US
financial services exposure includes the targeting of Personal Identifiable
Information (PII), information of donors to the candidates, PACs, and national
political committees. This is possible through the vendors hired by each
campaign to managed and report donations. Exposure also includes the
organizations involved in targeting the banks servicing the transactions for
all of these organizations via business email compromise as well as those who
have worked with the business or political assets belonging to each candidate.
This
paper is also applicable to non-US institutions as it profiles how to conduct
counter reconnaissance awareness with typo-squatting tools, examines how to be
aware of politically-exposed persons or celebrity donors and also recommends
best practices to prevent fraud through business email compromise.
******************************************
This report was published in its entirety to the Financial Services ISAC and Red Sky Alliance portal on July 19, 2016. For more information, contact Wapack Labs at 844-4-WAPACK.
