Cyber-researchers explain what concerns them the most as the US heads into the final day before the presidential election, & they also highlight the positives.
What worries researchers leading up to election-day winners & losers? Most cite possible attacks on local infrastructure, crippling ransomware incidents & disinformation campaigns.
There are also many concerned voters this year. Election-related cyber-security attacks have been making US headlines daily, keeping the US electorate worried about possible late-stage cyber-attacks.
So, heading into the day before US Election Day, researchers discussed the state of play.
“The last weekend before the election is like the Super Bowl for malicious actors that want to disrupt or influence the election,” observes Ray Kelly, Principal Security Engineer at WhiteHat Security.
“Authorities & election officials know this is the case & have taken precautions to try to ensure a safe election. These include election infrastructure assessment & securing voting registration systems.
“However, given the recent hack involving Hall County, GA, where election data was released to the public for failure to pay a ransom, it really brings into question how effective the measures will be in the final stretch of the election.”
That said, just to balance things out, researchers were also asked about what is going right – it cannot all be a black cloud of worry after all.
As Kelly outlined, 1 big area of worry for researchers is the threat to local municipalities & their elections infrastructure.
“The biggest cyber-risks to the election are most likely going to come in the form of disruption to local support services: e-pollbooks, municipal IT infrastructure, informational applications,” suggested Rob Bathurst, CTO at Digitalware.
Digitalware recently found that the average municipal computer contains more than 30 potential vulnerabilities or risk conditions at any time. In an average local govt. network, an attacker has over 15 ways to penetrate a typical computer & reach an intended target.
“The reason these services would be the most likely to be disrupted is that they are publicly accessible (voter registration/polling place lookup) & common targets of criminals/ransomware actors (municipal IT infrastructure/systems),” Bathurst explained.
“The rest of the systems used to support the actual voting process (DRE, ballot markers, tallying) generally have a very limited connectivity timeframe & a small attack surface, meaning the odds of an incident involving them would be small compared to the aforementioned targets.”
Mike Hamilton, CISO at CI Security, also has local elections infrastructure on his radar screen.
“The biggest danger is the threat of counties being hit with ransomware on Nov. 4th. Why? Because at that point in-person voting will have been completed & votes tabulated,” he explained. “If ransomware hits a county (only counties conduct elections), the mail-in count will be thrown into question. Because Republicans are known to vote in person on election day & Democrats favour mail-in ballots, this is a danger.”
He added ominously, “It doesn’t matter whether ransomware can actually ‘change vote tallies,’ it’s that if there is enough access to a network to encrypt data, there’s enough access to change it.”
Hamilton is not alone in anticipating direct cyber-attacks on election infrastructure that could cripple vote-tallying or vote-casting.
“Instead of hacking into voter-registration databases, which are better protected now than they were in 2016, we should be prepared for cyber-attacks that deny access to voter-registration lists on election day,” commented Suzanne Spaulding, advisor to Nozomi Networks & former US DHS Undersecretary of Cyber & Infrastructure.
She added, “This might be through ransomware attacks that would lock up the data so poll workers could not access it. Cyber-activity could disrupt the tabulation or reporting of results. In addition, with a significant increase in mail-in voting expected, we should look for disinformation designed to undermine the public’s trust in that process. We are seeing it already in the Russian propaganda outlets.”
Another major area of concern for researchers lies in disinformation campaigns, which continue to rage on in the home stretch of the election season. Digital Shadows, for instance, recently found that China, Iran & Russia are all ramping up their attempts to spread fake news & misinformation about candidates & policies.
“Russia’s Internet Research Agency (IRA), which allegedly takes its direction from the Kremlin, has been primarily responsible for this interconnected ‘carousel of lies,’ as 1 former member of the IRA described it,” according to the firm’s report. “In many cases, the fake news stories they spread are more appealing to Americans due to pop culture references, pictures & cartoons.”
The tactic works, too: In Sept., Facebook took down groups & accounts that were affiliated with the deceptive news organisation, ‘Peace Data’, but not before 100s of stories were shared on Facebook.
“At this stage in the election process, the only significant cyber-risk is disinformation with the confidence on the actual result of the election,” suggested Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic. “Hacking an election is not about influencing the outcome, it is about hacking democracy. It is always important to determine the ultimate motive & that is about dividing people to create distrust in both Govt. & your fellow citizens.”
Brandon Hoffman, CISO at Netenrich, noted that while it is important to boost awareness around these types of influence campaigns, the focus in the news on disinformation may also be an intentional distraction for something else.
“We may be creating the smokescreen the real adversaries need to perform the attacks they have been waiting to execute,” he suggested. “My hunch tells me that there is something waiting in the wings related to voting infrastructure or a major information bomb coming on either Mon. or Tues. That information bomb may be real or fake; however, as long as it creates chaos & discontent, the effect will be the same.”
Bikash Barai, Co-Founder of Fire Compass, warned that disinformation efforts stretch far beyond just posting or sharing fake news on social media.
“Based on Fire Compass’ internet-wide monitoring data, there are currently more than 5m open, vulnerable databases, which include usernames, passwords, emails & personal details,” he reported. “When this data gets in the hands of hackers, it can be used to send personalised & targeted misinformation to skew results.”
He further added, “In addition, breaking into the ‘information supply chain’ is not a challenge for hackers. In fact, more than 90% of organisations have at least 1 major security vulnerability, which can be used to break in, steal & corrupt data.”
What’s Going Right?
After the hack-&-leak operation against the Democratic National Committee & widely publicised election meddling by foreign players in 2016, the US population is a bit nervous on the cyber-attack front when it comes to ensuring a free & fair election.
There have been plenty of headlines: Iranian actors posing as the US hate group “Proud Boys” launching email campaigns against registered Democrats; the aforementioned ransomware attack affecting a Georgia database of voter signatures; the Trump Campaign website defaced with a cryptocurrency scam; scammers bilking Wisconsin Republicans out of $2.3 million; & rampant mobile phishing issues, amongst others.
Is there hope things will go smoothly in the next few days? A group of researchers was asked what they consider to be the bright side of cyber for the remaining US election season / aftermath. Most pointed 1st & foremost to improvements overall in risk awareness.
“Local Govts. are now aware that their systems could be targeted, & larger city/county Govts. have moved to try to shore up their security operations in the run-up to the election,” Digitalware’s Bathurst commented. “Some have even taken the proactive approach of attempting to understand their attack surface & how things like misconfigured/unmanaged systems could impact their security.”
‘So far it has been fairly quiet in terms of any major bombshells’, noted James McQuiggan, Security Awareness Advocate at KnowBe4.
Political Party Systems
“We haven’t had any significant data breaches with the govt. or political party systems, like what happened in 2016 with the Democratic party,” he explained. “More & more organisations are taking notice of the recent attacks & taking the necessary steps to educate their staff to make sure they can spot social engineering scams. These actions can help to reduce the risk of a cyber-attack.”
CI Security’s Hamilton sees other reasons to be positive. “The co-operation between Microsoft & the US Dept. of Defence in taking down the TrickBot botnet, Microsoft giving Defender/ATP free to counties until the election is over, & the information-sharing that seems to have been stepped up with the FBI & DHS/CISA are all positive,” he observed.
‘Defending Digital Campaigns’
Spaulding added, “It’s hard to know all the things the political parties may be doing to better protect their data & information systems. I am on the board of an organisation, called ‘Defending Digital Campaigns’, that got a ruling from the FEC that allows us to work with cyber-security companies to provide their services to campaigns for free or at a discount. Campaigns have not traditionally focused on cyber-security & they have a long way to go!”
Netenrich’s Hoffman had a harder time being positive: “It’s hard to say what’s going right in this election,” he concluded. “From a place of false comfort, I would say there haven’t been any major cyber issues…but it feels like foreshadowing.”