US election: Cyber attacks expected


Many experts expect cyber attacks during the upcoming US presidential election. Sophos sees strategic chaos as the attackers' goal: "False flag cyberattacks are the biggest security threat in the elections," said JJ Thompson, senior director of global managed threat response at Sophos.

With the election of the American president on November 3rd approaching, tension in the USA is high. There is great uncertainty, exacerbated by the still-raging pandemic, which very quickly shook up the electoral landscape, and by experiences from 2016 that are still on people's minds. These are exactly the conditions that attackers could take advantage of in a cyberattack.

All kinds of cyber attacks expected in the US election

All eyes are on this election, and cyberattacks of all stripes are to be expected, from ransomware attacks to direct attacks on election administration systems, carried out by anyone from nation states to bored teenagers who want to prove themselves.

Our first impulse is usually to want to understand attackers and their intentions as quickly as possible. But we should be careful not to attribute attacks too quickly to specific groups of perpetrators. Incorrect, hasty accusations against the alleged perpetrators, possibly amplified in the media, can damage the security of an election just as much as the attack itself. Instead of possibly endangering diplomatic relations, it is therefore more advisable to concentrate on immediate countermeasures that prevent further damage during an incident.

The Seeds of Discord: Three Motives Behind Election Manipulation

To apply appropriate countermeasures, it is important to keep an eye on the motives of the opponents: electoral manipulation is about gaining power, sowing discord and creating chaos. The attackers' methods and procedures follow these motives and aim at three corresponding scenarios:

  1. Disrupting and delaying election results in key districts where a delay may be beneficial to the opponent's outcome.
  2. Creating public doubts about the integrity of the election result.
  3. Misleading and unsettling the public through targeted provocation using the false attribution of attacks.

Rushed finger-pointing plays into the hands of opponents

In an active attack on the electoral systems, neutralizing the attack is the most important factor, closely followed by avoiding the premature naming of alleged perpetrators. An attack remains an attack. So the most important thing is to ensure that the elections are safe, free and fair by recognizing an attack and responding to it as soon as it occurs. To ensure the integrity of the ballots and to reassure voters, it is not absolutely necessary to know the identity of the actors behind the attack immediately.

However, this is exactly where a critical point becomes apparent: the desire for immediate gratification is a human drive. So if there are reports of problems on election night, people will want to know immediately who is responsible. This impulse to hurriedly point the finger and assign blame makes it all the easier for attackers to sow confusion and mistrust, especially in an already turbulent election season. And this is a strategy that some governments are only too happy to use.

Targeted False Flag Chaos - Scenarios and a Real Example

An illustrative example: Nation A wants to wreak havoc in the US in November. Of course, it does not want the attacks attributed to it. Because of this, it compromises hosts in nation B and uses these hacked hosts to launch DDoS attacks on the election reporting pages of the US states on election night.

As we saw with the results of this year's Iowa primary, lengthy technical delays in tabulating and reporting results can cause voter frustration and confusion. Imagine the same scenario in one of the "swing states" (US states in which neither of the two major parties has a majority) on November 3rd. The delays could add days or weeks of uncertainty about the election results.

What-if scenarios

What if voting in an affected state ended early and that affected voter turnout in the evening? Even if it were an isolated incident, if the election reporting pages were found to have been compromised or hacked, attack logs would be reviewed and IP addresses that could be traced back to nation B would be found. One is then likely to wrongly conclude that it was nation B that hacked the election.

This is not just a hypothesis. In 2018, Russian hackers compromised hundreds of computers and routers associated with the opening ceremony of the Winter Olympics. However, they used IP addresses from North Korea. As a result, the first wave of indictments landed at North Korea's feet, although at least in this case that country seems to be innocent.

Potential targets for attack in the US electoral system

Elections in the US are extremely complicated, not least because the systems for conducting them are so decentralized and split at the state and local level. This complexity forces opponents to invest heavily in planning and coordinating attacks.

At this late stage in the electoral cycle, it makes sense to identify the many different potential areas of attack in the electoral system: providers of electoral systems (both on the human level and on the level of technical infrastructure and code), registration systems and electronic poll books (e-poll books), the integrity of voting machines, individual and end-user systems involved in election management, vote counting and reporting systems, and the places where the election results are transmitted, tabulated or published. They are all primary targets for attacks.

We need to focus on these aspects:

  • Fully patched, properly configured and monitored systems, with endpoint protection and detection agents and controls on all systems involved in the process of tabulating and submitting election results.
  • Simple, clear and concise guidelines for the local election workers. Large runbooks or security scripts commonly used by government officials are not effective on election day.
  • Visibility, investigation and response capabilities that can still be set up at short notice.
  • Highly qualified personnel who are able to identify and respond to critical signals in order to quickly neutralize active threats.

Primary goal: integrity of electoral systems

Cyber warfare is asymmetrical: opportune targets are those whose compromise causes noticeable disruption or yields particularly sensitive information or access. Attackers only need a single vulnerability for this. The blame game inevitably distracts from these much more pressing concerns. Ultimately, it is the law enforcement authorities who are responsible for attributing an attack. Only they have the legitimacy to pursue legal violations and to bring charges against cyberattackers, be they other countries or hackers within their own borders.

For everyone else - namely the voters and those responsible for overseeing fair and safe elections - the primary concern of the next few days must be to ensure the integrity of the electoral systems.
