A data breach of the National Republican Campaign Committee damages the confidence of U.S. voters, and attackers will use increasingly complicated tools to hack into computer systems, according to cybersecurity vendor McAfee. Four unidentified committee aides were reportedly surveilled for several months, and while the Federal Bureau of Investigation is investigating the matter, it is not clear what information was stolen.
The NRCC breach also raises the issue of campaign committees being soft targets when compared to other government entities, said Steve Grobman, McAfee’s senior vice president and chief technology officer.
Campaign committees “are often comprised of employees and volunteers possessing varying degrees of cybersecurity practices, policies and protective measures to protect their communications and computing systems,” Grobman told HSToday. “It raises the question of whether these entities should be considered a part of our election infrastructure.”
Knowledge of the breach was not widely discussed with Republican House leadership, according to Politico.
Ian Prior, a vice president at Mercury Public Affairs, which was hired by the NRCC to address the breach, confirmed the incident to The Hill.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” Prior said. “The cybersecurity of the committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”
McAfee predicted in a recent Threat Predictions Report that 2019 will be more advanced than ever before.
“This year we have seen cyber threats adapt and pivot faster than ever. We have seen ransomware evolving to be more effective or operate as a smoke screen,” the report notes. “We have seen cryptojacking soar, as it provides a better, and safer, return on investment than ransomware. We can still see phishing going strong and finding new vulnerabilities to exploit. We also noticed fileless and ‘living off the land’ threats are more slippery and evasive than ever, and we have even seen the incubation of steganography malware in the Pyeongchang Olympics campaign. In 2019, we predict attackers will more frequently combine these tactics to create multifaced, or synergistic, threats.”