Influential Organizations and Individuals or Those With Ties to Government or Political Institutions May be Targets for Cyber Attacks
Last fall I wrote about cyber as the latest front on the election battlefield. This was based on two trends that emerged during the 2016 U.S. Presidential election cycle – a series of network breaches that resulted in leaked information, and an uptick in concerns over threats to voting systems. This proved to be a sign of things to come. Since then, similar activities have been reported surrounding elections in The Netherlands and France. With elections coming up in the UK in June and Germany in September, what type of cyber interference might we expect? And, more importantly, what steps can we take to mitigate risk?
In the case of the UK elections, two factors are working against cyber attackers – because it is a snap election, threat actors haven’t had as much time to prepare, and voting is still paper based. However, the UK’s National Cyber Security Centre warns that the political parties themselves remain targets, as do parliament, constituency offices, think tanks and individuals’ email accounts. Based on previous observations and reports, the following are the most likely activities we can expect to see that could lead to interference with future elections.
Network Intrusions: Network intrusions are typically conducted for intelligence-gathering purposes, potentially with a view to making sensitive information public as part of an influence operation designed to discredit a political candidate. Political parties, government organizations and enterprises with an interest in future policy decisions may be targeted. Social engineering and spear-phishing continue to be the most successful vectors of attacks – a trend that is highly unlikely to change for the foreseeable future.
Public Data Leakage: An ideologically motivated actor may attempt to release sensitive or confidential information citing freedom of information and the fulfilment of a public service. They may obtain this information for the purposes of public data leakage in a variety of ways, including phishing and social engineering attempts, network intrusions and data exfiltration, inadvertent exposure through public facing databases and applications, or even collaborating with insiders to steal documents.
Hacktivism: Hacktivist actors are most often motivated by public attention, either for themselves or the issues they claim to represent. DoS attempts, website defacements and public data leaks achieved through techniques such as SQL injection are the most common types of attacks. Hacktivists may also use social media to raise awareness, for example using “tweet storms,” where tweets from multiple Twitter accounts sympathetic to an ideology are directed at certain targets or used to start a trend on social media platforms.
False media reports: We’ve heard a lot about “fake news” as of late, but threat actors may indeed disseminate false information to influence public opinion or discredit a particular candidate. They may use a wide variety of media, including established online publications, spoof news sites, or fake social media profiles on LinkedIn, Facebook and Twitter.
Influential organizations and individuals or those with ties to government or political institutions may be targets for such attacks. With knowledge of the types of cyber activities that may occur during election season, here are five steps security professionals can take to mitigate risk.
1. Update security awareness training with adequate phishing training for employees to help reduce the cases of network intrusion and public data leaks. Verizon’s 2017 Data Breach Investigations Report states that social attacks were used in 43% of all breaches with phishing being the most common social tactic, accounting for 93% of such incidents.
2. Properly secure public-facing applications to reduce the possibility of sensitive information being unwittingly shared.
3. Monitor for suspicious activity, such as accessing resources that have not been accessed in the past or at hours when the employee is not typically on the job, to identify a potential insider threat or an instance of credential compromise.
4. Identify instances of fake or spoofed social media profiles for your top executives, other well-known figures in your organization, or the organization itself to stop bad actors from hijacking identities to influence public opinion.
5. Track the emergence of hacktivist actors and dedicated campaigns and assess your level of risk so you can take action to proactively strengthen defenses and remediate vulnerabilities.
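The monitoring described in step 3, as an added example that is not part of the original article: a per-user baseline that flags first-time resource access and off-hours activity. The record format, user and resource names, and the one-hour slack are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (timestamp, user, resource); not real log data.
BASELINE = [
    ("2017-05-01T09:12:00", "alice", "crm"),
    ("2017-05-02T16:30:00", "alice", "wiki"),
    ("2017-05-03T11:20:00", "alice", "crm"),
    ("2017-05-01T08:55:00", "bob", "finance-share"),
    ("2017-05-02T17:10:00", "bob", "finance-share"),
]
NEW_EVENTS = [
    ("2017-05-04T10:15:00", "alice", "crm"),            # matches baseline
    ("2017-05-04T15:02:00", "alice", "finance-share"),  # resource never used before
    ("2017-05-05T02:47:00", "bob", "finance-share"),    # outside usual hours
    ("2017-05-05T03:10:00", "alice", "donor-db"),       # both signals
    ("2017-05-05T09:00:00", "carol", "wiki"),           # user with no history
]

def build_baseline(events, slack_hours=1):
    """Per user: resources seen and hour range worked (assumes no overnight shifts)."""
    seen, hours = defaultdict(set), defaultdict(list)
    for ts, user, resource in events:
        seen[user].add(resource)
        hours[user].append(datetime.fromisoformat(ts).hour)
    return {u: {"resources": seen[u],
                "hours": (max(0, min(hours[u]) - slack_hours),
                          min(23, max(hours[u]) + slack_hours))}
            for u in seen}

def flag_events(profile, events):
    """Return (timestamp, user, resource, reasons) for events outside the baseline."""
    alerts = []
    for ts, user, resource in events:
        p, reasons = profile.get(user), []
        if p is None:
            reasons.append("no-baseline")
        else:
            if resource not in p["resources"]:
                reasons.append("new-resource")
            lo, hi = p["hours"]
            if not lo <= datetime.fromisoformat(ts).hour <= hi:
                reasons.append("off-hours")
        if reasons:
            alerts.append((ts, user, resource, reasons))
    return alerts

if __name__ == "__main__":
    print(*flag_events(build_baseline(BASELINE), NEW_EVENTS), sep="\n")
```

An event carrying both reasons is the stronger lead for a credential-compromise or insider review; a single reason on its own is usually routine change in someone's work.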
There have been real concerns about cyber interference with respect to elections, and a strong response – from security agencies issuing warnings and advice to remain vigilant against attacks, to the Dutch deciding to count votes manually, in lieu of their usual electronic method, to mitigate any potential for interference. While systems and individuals across a wide swath of organizations are possible targets, “forewarned is forearmed” as the saying goes – there’s much we can do to mitigate risk.