This year’s U.S. elections are more contentious than ever before, across presidential candidates, platforms and policies. Throw in our COVID-19 state, social and economic unrest, and rising cyber crime, and it’s concerning to all, especially to our security community.
The 2016 elections brought new waves of attacks (DNC breach) and sophisticated malware impacting voters and election outcomes. Since then, we learned and built advanced technologies to thwart nation-state adversaries. We implemented stricter controls across IT infrastructures, corporate, social, and cloud networks.
Yet here we are, with elections looming, faced with a daily barrage of breaking news stories around the latest election-related cyber crimes. It’s overwhelming in scope, and grave concerns arise: how do we protect our company, our people, and our customers?
Netenrich is here to help unravel and make sense of critical issues and explain the threats that concern all of us. We’ll highlight the areas of potential risk through blogs and videos. I’ve enlisted security experts working in the trenches to provide their insights. I’m also investigating the nefarious activities bubbling on the dark web.
For the past several months, we have been tracking cyber crimes tied to our elections. We’re seeing methods used in 2016 as well as new ones that deserve notice. Threat types include but are not limited to cyberattacks, information warfare campaigns, targeted attacks by foreign and domestic entities, reputational threats, and physical threats.
As for their motivations, these threats may seek to undermine or interfere with the election process, to manipulate the outcome of the election in favor of a particular candidate, to allow criminals opportunistic financial gain, and to allow threat actors to gather intelligence on a particular demographic or policy issue.
Cyber crime related to electronic and mail-in voting
According to the Department of Homeland Security, election systems are being scanned by unknown entities. Scanning is a technique used for cyberattack reconnaissance. However, it is possible that these systems were also passively scanned. Regardless of the motive, U.S. officials have stepped up election systems security since 2016, when Russian threat actors targeted systems in all 50 states.
Attacks on electronic voting are at the forefront. We’re seeing chatter on the dark web about threat activities tied to polling locations and critical infrastructures involved in the voting process. Threat actors are looking for ways to prevent people from voting, to delay the tallying of votes, or to manipulate votes in favor of a particular candidate.
Ransomware attacks for monetary gain
Cyber criminals will use the election as an opportunity for monetary gain. One of the most likely scenarios involves ransomware attacks. These may be used in conjunction with big game hunting (BGH) activities targeting the Presidential candidates.
Big game hunting activities are strategic attacks typically leveraging ransomware to target high-value data or assets with a low tolerance for downtime. These attacks may target infrastructure and networks supporting the electoral process or those used by the candidates or major political parties.
Theoretically, a ransomware attack on election infrastructure could stall the voting process by locking down electronic votes, postponing the official tally, and thereby delaying the election results. In the past, BGH actors have targeted law firms known to have prominent political figures as clientele.
Cyber criminals have also been known to steal data and leverage it for extortion, threatening to leak sensitive data and demanding that the affected person or organization “buy back” the data. Other cyber crime ventures may include information theft, phishing attacks, phone call based fraud, or donation scams.
Campaign applications misuse
The official campaign applications of Presidential candidates Joe Biden and President Donald Trump provide a unique attack surface that has already been compromised.
Recent news hit around a vulnerability on the Vote Joe App (official Biden app) that gave access to millions of voters’ files. The app was intended as a way for supporters to share and spread voting awareness to family and friends. The app requires users to upload their phone contacts to check if their friends and family are registered to vote.
The app used data supplied by a political marketing firm called TargetSmart. If a match was confirmed, the app displayed voter details including name, age, birthday, and most recent voter activity. The technology also allowed users to create a contact with any voter’s name, allowing someone to potentially gather information on a person they do not know, whether out of curiosity or for malicious intent. The “bug” has reportedly been fixed since the unintended use was discovered. People need to be aware that their registered voter data is publicly available, and measures should be taken to protect that information.
The Official Trump 2020 app also experienced security-related issues. In June, the app’s Android APK files exposed hardcoded secret keys associated with its Twitter and Google services. Researchers also found that the app collected large amounts of data, including the tracking of users, user contacts and location, phone status, and identity. The app also had the ability to read and delete SD card contents, permissions to view network connections, and permissions to prevent the phone from sleeping.
Here are steps that IT and security organizations can take to monitor elections-related cyber crime and shore up vulnerabilities.
- Security teams should be on the lookout for an increase in phishing campaigns against their users.
- Educate your employees about the widespread adoption of voting registration buttons across websites and social media platforms. Take steps to validate that these are real and not false buttons trying to infect users or subvert traffic, bearing in mind that this is exceedingly difficult. Users should be cautioned against using them.
- If your organization is involved in anything related to the election or the election process, be wary of a rise in DDoS attacks on public infrastructure.
Check out our Elections 2020 and Cyber Security Roundtable sessions to hear from cybersecurity experts and their views and experiences dealing with elections cyber attacks.
Next up, we’ll investigate the rise in information warfare campaigns and attack methods involving disinformation campaigns and the use of social media and ads for propaganda purposes.