Microsoft to give 12 countries free AccountGuard security service after Fancy Bear political hacking

  • Liam Tung (CSO Online)
  • 21 February, 2019 07:53

Microsoft has rolled out its free AccountGuard security service to 12 additional European Union nations ahead of a busy year of elections across the continent. 

The expansion follows a wave of attacks against European think tanks and political groups that Microsoft detected in the last quarter of 2018. 

Microsoft attributed the attacks to the group Strontium or, as it’s more widely known, Fancy Bear — a term coined by security firm CrowdStrike, which uses variations on bear-themed names to refer to different state-backed Russian hacking groups.

The service could be very useful to political organizations in Europe given the speed at which 'bear' hacking groups operate. CrowdStrike said in a report this week that Russian 'bear' attackers took just 18 minutes to begin moving laterally in a target after an initial compromise, which was eight times faster than state-backed hackers from other countries.

The biggest vote in the EU this year is the 2019 European Parliament election, scheduled for May. Due to Brexit, voters across 27 (rather than 28) countries will go to the polls to elect over 700 members of the European Parliament.

Microsoft launched AccountGuard last August for political organizations in the US as part of its effort to thwart nation-state attacks that can be used for election meddling. 

The company monitors targeted campaigns against organizational email and personal accounts of staff who’ve signed up to AccountGuard. It then provides notifications to affected parties when it detects organizations or users are “verifiably threatened or compromised by a known nation-state actor”. 

The service is now available in France, Germany, Sweden, Denmark, the Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain. With AccountGuard already available in Ireland and the UK, 14 European countries now have access to the service. Outside the EU, only the US and Canada have access.

Microsoft plans to expand AccountGuard to more European countries in the coming months, according to Tom Burt, Microsoft’s corporate vice president of customer security and trust.

“The markets for which we’re announcing AccountGuard today represent places where we’ve been able to expedite the work needed to offer AccountGuard quickly,” said Burt. 

Key EU polls scheduled this year will happen in Spain, Belgium, Denmark, Estonia, Ukraine, Finland, Lithuania, Portugal, Greece, Slovakia, and Germany. But the biggest is the European Parliament election. 

Former NATO secretary-general Anders Fogh Rasmussen last week warned in an interview with Politico that Russia will launch a major campaign to meddle in the 2019 European Parliament election. He also warned Russia would employ so-called ‘deep fakes’, which use AI to manipulate video and audio so that a person appears to do or say something they never did or said.

Microsoft today said it recently detected attacks against employees of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund. 

The targeted attacks were aimed at 104 Microsoft accounts used by the organizations' employees located in Belgium, France, Germany, Poland, Romania, and Serbia.

The company was “confident” that many of the attacks, which occurred between September and December 2018, were from Strontium aka Fancy Bear. 

Microsoft found the European organizations were targeted with the same tactics and techniques that have been used against US think tanks and political groups. Mostly the attackers created malicious URLs and spoofed email addresses as part of a targeted phishing campaign that aims to capture employee credentials and deliver malware.

"The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations. They validate the warnings from European leaders about the threat level we should expect to see in Europe this year," said Burt.

Through AccountGuard, Microsoft also provides guidance for securing network and email, such as enabling two-factor authentication, installing updates, and implementing access controls.

AccountGuard is available to political campaigns and parties based in EU member states at the General, Local, Municipal, and European Parliament elections. It’s also available to EU-based think tanks and advocacy organizations, political technology vendors, and select users with Hotmail and Outlook web email accounts, according to Microsoft’s EU AccountGuard page.