What will happen if the November 2020 election results are tampered, blocked or disappear? Both parties will cry foul and blame the other party. Will the voters every really know the final results and how long could it possibly take for both national parties to agree upon an outcome? The blame may need to be placed with the hackers and ransomware criminals who have been attacking governments, businesses, and organizations with no let-up in sight. State and local governments and their agencies have little time to prepare as Election Day is approaching.
All voters have important concerns that they expect to be addressed before and after the November elections. With the country in a recession, nearly eight-in-ten registered voters (79%) say the economy will be very important to them in making their decision about who to vote for in the 2020 presidential election. The economy is consistently a top voting issue.
In a recent national survey, 68% of voters say health care is very important to their vote, while 64% cite Supreme Court appointments. As the country continues to grapple with the coronavirus outbreak, 62% of voters say the outbreak will be a very important factor in their decision about who to support in the fall.
About six-in-ten (59%) say violent crime will be particularly important to their 2020 decision, and 57% say this about foreign policy. Immigration and racial and ethnic inequality rank toward the lower end of the list for voters (52% each call these issues important to their vote). Fewer than half say climate change (42%) or abortion (40%) will be very important factors in their voting decisions.
Ransomware could pose a significant threat to the US election infrastructure, as older versions of software and potentially vulnerable voting machines could be targeted by criminal elements or by foreign-based cyber-attacks. According to NTT Ltd.’s global threat report for September 2020, ransomware could be deployed and lay in wait to be activated on election day, or once voting machines are activated, and could pose a significant threat to voting processes and procedures, potentially bringing voting operations to a halt.
“Election threats from ransomware, or from other types of cyber-attacks, do not come solely from foreign governments,” the report said. “Cyber-attacks against the US election infrastructure can be launched by any criminal threat actor seeking financial gain.”
NTT claims the US elections in November will involve a “a high stakes endeavor” in terms of ensuring and maintaining security, and threats to the US voting processes. The threats could involve: foreign interference, disinformation campaigns, potential changes in the US Postal Service operating procedures, ransomware attacks, aging technology (including hardware and end-of-life software), voter role purge, voter apathy and particularly for this year the fear of COVID-19 contagion at voting precincts. “A cyber or physical attack on the election infrastructure, whether election systems or processes are interconnected or not, could potentially lead to overall election system dysfunction, errors in vote count, delays in voting results and erroneous election reporting,” the NTT report said.
NTT claimed the most important elements of security are those which attackers will most likely target first, and the first line of defense against cyber-intrusion, and other threats, “must be a secure and resilient US election infrastructure.” NTT determined the threats to be in three areas:
Threats to pre-election activities could include:
- Attacks of voter registration information could involve tampering with or deleting voter registration details so that the potential voter is unregistered and thus unable to vote.
- Malware planted on a voter registration system could compromise the integrity of that data.
- Voters’ data could be mined for personal identifying information and held for ransom, or it could be sold for criminal profit on the dark web.
- Threats to elections day activities: Voting on a Direct Record Electronic (DRE) voting machine could be susceptible to physical damage by a cyber-attack, while election results submitted electronically, or via email on election night, face cyber-threats, and an attacker could plant malware on the optical scan machine at any point from warehouse, to delivery, to set up at polling locations.
- Threats to post-election activities: NTT admitted these are reduced, as the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published the Cyber Incident Detection and Notification Planning Guide for Election Security among materials to help state and local election officials strengthen their election security.
NTT’s analysts recommend following the latest cybersecurity practices and maintaining good cyber-hygiene as a first line of defense against cyber-intrusions, as well as having proper patching and update processes, and proper custodianship of hardware and security awareness.
In an email to Infosecurity, Jake Moore cybersecurity specialist at ESET, said he believed threat actors are clearly ready to attack what promises to be the hottest election yet, and there will no doubt be greater kudos to gain than ever, as the world watches on. “Ransomware is a significant threat to all organizations at the best of times, but the spotlight of the election will add a huge amount of interest from criminal gangs from all over the globe,” he said. “Ransomware is a genuine threat, but arguably no more likely than a DDoS or data breach. Threat actors of all types will be doing what they do best: looking for weaknesses and vulnerabilities to exploit in the hopes of a huge financial gain.”
Red Sky Alliance has been has analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
What can you do to better protect your organization and your vote today?
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Implement 2-Factor authentication company wide.
- Join and become active in your local Infragard chapter, there is no charge for membership. infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network. Ransomware protection is included at no charge for RedXray customers.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or email@example.com.
Red Sky Alliance can help protect with attacks such as these. We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.
Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org