Phishing attacks are a powerful social-engineering weapon in a hacker’s arsenal. As has been proven time and time again, people in both the public and private sectors can be goaded into enabling malicious code via spoofed email. In an attempt to curtail the rise in phishing attacks against government agencies, various entities have employed the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol. DMARC works by letting receiving mail servers block emails that claim to come from an official office (like the FBI) but were actually sent by a third-party source that fails the domain's published authentication checks.
As Threatpost reports, only 2 percent of U.S. government domains use DMARC. This issue was addressed in a letter to the DHS. Written by Sen. Ron Wyden (D-Ore.), the letter went into detail about how imperative the implementation of DMARC is to the overall cybersecurity of key government sources. As Sen. Wyden states:
I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies... the threat posed by criminals and foreign governments impersonating U.S. government agencies is real.
He then goes on to mention successful implementation efforts of DMARC in the United Kingdom:
Government-wide implementation of DMARC has had a huge impact in the United Kingdom. In 2016, the UK required all government agencies to enable DMARC. As a result, the UK’s tax agency has stated that it reduced the number of phishing emails purporting to come from that agency by a staggering 300 million messages in one year.
DMARC is indeed a step in the correct direction should the U.S. government implement it, but to treat the protocol as a magic bullet against phishing would be foolish. Every filter has a workaround, and DMARC, in particular, has not totally prevented phishing attacks against companies (e.g. Yahoo, Google) that have implemented it.
It will take more than a letter from one senator to convince the government to even approach DMARC for broader use. I suppose the hope is that more members of Congress will back Sen. Wyden in his campaign and perhaps get a bill introduced to the Senate floor. Only time will tell.