Cyberthreats and the 2020 Presidential Election
The 2020 presidential election is right around the corner, and bad actors and foreign adversaries have been working to disrupt it with a barrage of cyberattacks.
In September, Microsoft warned that a Russian military cyber unit called Strontium was trying to infiltrate the Republican and Democrat campaigns and their staff. This is the same unit that attacked the Democratic National Committee in 2016.
Microsoft also said Chinese hacker group Zirconium and Iranian hacker group Phosphorus have attempted similar attacks on the Trump and Biden presidential campaigns.
Fortunately, Microsoft reported that a majority of the attacks were detected and quelled before they could cause serious damage.
What do experts believe to be the top cyberattack methods threatening the 2020 presidential election?
- Ransomware attacks: hackers lock up vital systems and sensitive data in exchange for a ransom payment.
- Brute force compromises: hackers attempt hundreds of username and password combinations to force their way into a firm or individual’s computer.
- Spear phishing: hackers target specific individuals and firms with highly tailored phishing emails. These attacks are often focused on certain people and are well-researched, unlike normal phishing campaigns, which tend to cast a wider net on many potential victims.
- Credential harvesting: hackers use phishing techniques to tempt their targets into downloading malicious software that can harvest user credentials to confidential systems and sensitive data.
- Password spraying: similar to brute force attacks, but hackers spray one password across many accounts before trying another password. These attacks can sometimes circumvent common countermeasures designed to stop brute force attacks.
So what can be done to help mitigate cyberattacks on campaigns, election sites and firms that deal with election data and processes?
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s website is a one-stop-shop for the latest information on current threats and how to mitigate them. A well-thought-out risk management strategy and corresponding cybersecurity plan goes a long way in interference-free election activities. In addition, organizations and individuals need to continue to be cyber vigilant and stay current on cybersecurity awareness and training. This includes familiarizing themselves with disinformation campaigns.
“CISA is committed to working collaboratively with those on the front lines of elections—state and local governments, election officials, federal partners, and vendors—to manage risks to the Nation’s election infrastructure. CISA will remain transparent and agile in its vigorous efforts to secure America’s election infrastructure from new and evolving threats,” the website says.
The website offers resources such as an election infographic series designed to “combat disinformation by equipping election officials, stakeholders, and voters with information on the mail-in voting, post-election, and election result processes.”
It also has an election disinformation toolkit to help stop the spread of election day misinformation.
And the site features an election risk profile tool and an election infrastructure cyber risk assessment.
Make no mistake: TalaTek believes campaigns, firms and individuals can stay safe this election season. To do so, they must stay cyber aware by following expert guidance on election cybersecurity safety and establishing a well-thought-out cybersecurity plan.