Ransomware could pose a significant threat to the US election infrastructure, as aging software and potentially vulnerable voting machines could be targeted by criminal elements or by foreign-based cyber-attacks.
According to NTT Ltd.’s global threat report for September, ransomware could be deployed and lie in wait to be activated on election day, or once voting machines are activated, and could pose a significant threat to voting processes and procedures, potentially bringing voting operations to a halt.
“Election threats from ransomware, or from other types of cyber-attacks, do not come solely from foreign governments,” the report said. “Cyber-attacks against the US election infrastructure can be launched by any criminal threat actor seeking financial gain.”
NTT claimed the US elections in November will involve “a high stakes endeavor” in terms of ensuring and maintaining security, and threats to the US voting processes could involve: foreign interference, disinformation campaigns, potential changes in the US Postal Service operating procedures, ransomware attacks, aging technology (including hardware and end-of-life software), voter roll purge, voter apathy – and particularly for this year – the fear of COVID-19 contagion at voting precincts.
“A cyber or physical attack on the election infrastructure, whether election systems or processes are interconnected or not, could potentially lead to overall election system dysfunction, errors in vote count, delays in voting results and erroneous election reporting,” the report said.
NTT claimed the most important elements of security are those which attackers will most likely target first, and the first line of defense against cyber-intrusion, and other threats, “must be a secure and resilient US election infrastructure.” NTT determined the threats to be in three areas:
Threats to pre-election activities: Attacks on voter registration information could involve tampering with or deleting voter registration details so that the potential voter is unregistered and thus unable to vote. Also, malware planted on a voter registration system could compromise the integrity of that data. Finally, voters’ data could be mined for personal identifying information and held for ransom, or it could be sold for criminal profit on the dark web.
Threats to election day activities: Voting on a Direct Record Electronic (DRE) voting machine could be susceptible to physical damage by a cyber-attack, while election results submitted electronically, or via email on election night, face cyber-threats, and an attacker could plant malware on the optical scan machine at any point from warehouse, to delivery, to set up at polling locations.
Threats to post-election activities: NTT admitted these are reduced, as the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published the Cyber Incident Detection and Notification Planning Guide for Election Security among materials to help state and local election officials strengthen their election security.
NTT’s analysts recommend following the latest cybersecurity practices and maintaining good cyber-hygiene as a first line of defense against cyber-intrusions, as well as having proper patching and update processes, and proper custodianship of hardware and security awareness.
In an email to Infosecurity, Jake Moore, cybersecurity specialist at ESET, said he believed threat actors are clearly ready to attack what promises to be the hottest election yet, and there will no doubt be greater kudos to gain than ever, as the world watches on.
“Ransomware is a significant threat to all organizations at the best of times, but the spotlight of the election will add a huge amount of interest from criminal gangs from all over the globe,” he said.
“Ransomware is a genuine threat, but arguably no more likely than a DDoS or data breach. Threat actors of all types will be doing what they do best: looking for weaknesses and vulnerabilities to exploit in the hopes of a huge financial gain.”
He concurred with NTT Ltd’s advice on maintaining good cyber-hygiene – such as timely patches and updates – as well as offering the best, most up-to-date awareness advice to all staff, to help protect against the inevitable barrage of attacks.
Rory Duncan, security GtM leader at NTT Ltd for UK&I, said one of the advantages of having a global view of threats and research (from NTT’s Global Threat Intelligence Center – GTIC) is that the company is able to see how geo-political events have an impact outside the immediate areas of focus. “While we’ve been looking at the impact of cyber-disruption inside the US around the presidential elections, we can also see that there is an uptick in activity outside the US,” he said.
“It’s also interesting to see that many of the challenges identified are the same as we see in other environments – visibility of emerging threats, patching and updating outdated software and hardware – but also that targeted threats and compromise of connected devices is a common part of the arsenal of techniques, tactics and procedures used by attackers.”