As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks.
This week, there is a new critical alert that requires the mission-critical community’s immediate attention.
With the United States presidential election less than two weeks away, cybercriminal and “hacktivist” activity has grown. Recent phishing and disinformation campaigns may threaten the election’s validity on a large scale, as well as the security of voters’ personally identifiable information (PII), such as their social security number.
Technical Detail and Additional Information
What is the threat?
With only two weeks remaining until election day, cybercriminals are ramping up their attacks on prospective U.S. voters via phishing campaigns. One such campaign was investigated by KnowBe4, a popular security awareness training platform. The campaign used phishing emails that spoofed an Arizona state voting service website and targeted voters in an attempt to steal their PII. The campaign stretched as far as Wisconsin, where users reported receiving the email asking for additional voter registration information.
In addition to phishing, the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) have stated that there are numerous hacktivist and nation-state-generated advanced persistent threats (APTs) in the form of ongoing disinformation campaigns. These campaigns are intended to cause confusion and distrust concerning the United States’ ability to handle the election securely, and to influence voters regarding their choice of presidential candidate. One example is Russia capitalizing on voter hesitancy to utilize mail-in ballots due to the COVID-19 pandemic and actively attempting to undermine trust in the election process. It is important to note that these examples are not the only ongoing campaigns, and that many more are expected soon.
Why is this noteworthy?
These ongoing and anticipated campaigns are or will be widespread, and they are attempting to influence voters, polls, media, and the election. The disinformation campaigns have the potential to influence millions of voters in the U.S. during presidential elections every four years. The phishing campaigns also have the potential to undermine the election process via fraudulent ballots, which could be obtained using stolen PII. Lastly, phishing campaigns related to voter registration can cause victims to divulge more PII than required, such as a driver’s license number or even a social security number, which can lead to identity theft.
What is the exposure or risk?
These threat actors are able to reach everyone in the general public with their attacks. Nation-state actors, as reported by the FBI and CISA, are utilizing various social media platforms to spread false information to voters to discredit the security of the election. It should also be noted that the FBI and CISA have stated that no information suggests that any cyberattack on election infrastructure will occur.
The phishing campaigns also have a large attack surface, which grows as they compromise more accounts and organizations. The current, widespread Emotet campaign is a perfect example of such an attack.
What are the recommendations?
Recommendations for protecting your organization from disinformation and phishing attempts are listed below:
- Phishing: Maintain good general cyber hygiene by using complex and secure passwords and utilizing multifactor authentication wherever possible. Educate yourself and your organization on how to spot phishing emails, be skeptical of external emails, and be vigilant regarding what links you click. Rely on state and local government-issued information about voter registration and systems. Read our post, "Eight Tips for Protecting Public Safety Organizations Against Phishing," for guidance on how to spot a phishing attempt.
- If you believe you have been a victim of phishing, it is imperative to notify your information technology (IT) team or information security team immediately and change all passwords.
- Disinformation: Remain informed by credible, trustworthy sources, and verify the author’s credentials and understand the intent. Be skeptical of unverified claims. If available, utilize in-platform tools to report suspicious posts that could be spreading false information.
- Report potential election crimes—such as disinformation about the manner, time, or place of voting—to the FBI.
Mike Beagles has specialized experience with supporting mission critical communications agencies by providing technical expertise, strategic IT planning, and architecting both on-prem and shared systems for new and innovative technologies as well as legacy solutions. He currently manages the platform and suite of tools used to deliver MCP network and cybersecurity monitoring to our clientele.