As we know, in the United States election security has been a top point of concern with so many aspects of the process vulnerable to attacks that can be exploited for personal or political gain. With experts citing security breaches as a top concern for the 2020 election, it’s more important than ever that strategies are implemented to protect individuals, businesses and government agencies.
As we saw in the last election, spear phishing and other attacks on individuals affiliated with political campaigns can have broad ramifications beyond the specific breach. Well-funded nation-state attackers are getting past perimeter defenses, and defenders often struggle to gain visibility into their slow-and-low tactics as they lurk in the network. However, attackers rarely land on the machine with the valuable data they hope to steal as soon as they get in. If you can block their lateral movement towards that valuable data, you can limit the fallout that occurs from a breach.
Many successful breaches are enabled by extraneous connectivity and credentials on machines throughout the network that allow attackers to gain a foothold without needing to leverage unpatched vulnerabilities or zero-day exploits. Some examples of this include remote desktop sessions left open, or cached admin credentials left on a browser. These pathways allow attackers to move laterally from their beachhead after they get past the perimeter and need to be found and removed. Simply closing off these pathways to critical assets makes successful breaches much less likely.
Of course, there are steps the targeted individuals should take regarding password hygiene, but we are talking about sophisticated nation-state attackers here, and even users who know they are a target are only human and prone to mistakes. Campaigns should use security techniques that shift the onus away from the defenders’ actions and towards making attackers doubt each move they make. For example, if the campaigns can blanket a network with deceptive data that is indistinguishable from real data, telling the difference becomes impossible for an attacker. The deceptive data serves as a beacon highlighting an attacker’s presence upon engagement, and it is now the attacker who has to carefully consider each click. Again, the focus is on active defense, so that even if an attacker manages to get past static defenses, their access can’t bring them near critical assets.
“With the United States presidential election right around the corner, cybersecurity threats still remain a real concern. Election infrastructure face an array of sophisticated cyberthreat designed to undermine system integrity. There is much that experts say state and local agencies can do to ensure their election systems are resilient. It’s a reality to assume that cyberattacks will get into infrastructures, and that reactive post-incident analysis is ineffective to stop sophisticated threats. However, with eXtended Detection and Response (XDR), state and local agencies can deterministically understand and combat precise attack progressions in real-time.”
For better or for worse, an election is something everybody participates in. It\’s interesting, it’s controversial and everybody is talking about it, but that\’s not to say that state-backed hacking activity is any more or any less when it\’s not an election year. We just become more aware of it, as the topic generates media interest. There is every chance that voting systems have already been infected and the malware is just lying idle waiting to start its malicious logic until election day when votes start to be submitted.
The scale, audacity and capabilities of Russian, Iranian, and Chinese nation state sponsored operations doesn’t appear to indicate any uptick. These hacking groups have constant massive operational gears, for which these hacking activities represent business as normal. Their adversarial activity is mostly directed against the United States, but they are politically opposed to almost all NATO allies.
With the presidential election less than a week away, cybercriminals are ramping up their efforts to trick voters with phishing scams including, credential stealing, credit card fraud or levering personal data to launch large-scale attacks. Election-related phishing surfaces across channels in various formats, and the unsuspecting consumer can be caught off-guard. One of the most common methods bad actors use to trick people during election season is phishing through: surveys and polls, petitions, donation requests, registration scams and others. In addition, these attacks are happening through a variety of channels like SMS, web, advertisements, as well as email.
With so much election information coming from so many sources, how can you distinguish what’s real and what’s fraudulent, and how can you protect yourself from falling victim to a phishing scam? A few strategies include avoiding sharing personal information via email or SMS, researching and understanding your state’s voting law, examining fundraising organizations or donating via your candidate’s official website and implementing phishing detection and prevention on mobile devices and browser applications.