A day after reports that Russian hackers have been caught targeting conservative institutions and senators, the Democratic National Committee has come out with a new claim that it has “found a suspected attempt to hack into its voter database.”

The DNC was scant on providing details even to the point of not even publishing a press release. CNBC reported that an official claims that the DNC had been targeted by a phishing campaign, that it had informed law enforcement and that the hacker did not gain entry into the party’s VoteBuilder system.

Update: The DNC said Thursday that the attempt was actually a test by an unnamed third party associated with the party.

However, the incident does open the door for a reasonable discussion about security. Atif Mushtaq, chief executive officer at SlashNext Inc., told SiliconANGLE that “such fast-changing phishing attacks can fool users into clicking on highly realistic online ads, search results, pop-ups, browser extensions, social media posts and web apps. These attacks outside of email require new technologies that provide real-time, session emulation to ensure representatives and their organizations remain protected.”

“New kinds of strategies are required to deal with these new web-based phishing attacks that target employees,” Mushtaq noted. “What is needed is a combination of employee awareness training, secure email and Web gateways, URL filtration, and now real-time phishing site detection to catch live, previously unknown attacks so they can be automatically blocked by existing infrastructure. Blocking attacks at the start of the kill chain is critically important to stop further damage and breaches.”

Matthew Gardiner, cybersecurity expert at Mimecast Services Ltd., said that the “attack on the DNC’s Votebuilder application employs standard operating procedures used by adversaries around the world tens-of-thousands of times a day: Build a duplicate login website that mimics the targeted legitimate web-based application, send a targeted, well socially engineered email to a select group and proceed to steal the victims login credentials with a fraudulent login prompt or to infect the intended victim with a drive-by malware download.”

Gardiner suggested that security defenses that combine antispearphishing and antimalware technologies, along with multifactor authentication, can serve as key deterrents against these types of attacks.

Image: Dark Forest/YouTube