Cybersecurity Awareness Month: Information Security and the Upcoming U.S. Midterm Election

With the U.S. midterm elections fast approaching, there has been a lot of comment about ensuring a secure and fair election process. Both the Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released statements stressing that the agencies “have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information”.

Whilst there may be no evidence of interference with voting machines and the election management systems, “security experts expect…. a variety of influence attacks to ramp up against U.S. government agencies and the campaigns of political candidates” during the upcoming midterm elections, according to a recent news article from Dark Reading. Cyber-intelligence firm Recorded Future agrees in their recent report that the U.S. should expect more of the same activities seen during the 2020 election.

Why Cyber Attackers Want to Influence Elections

The primary focus for bad actors targeting election infrastructure is to obtain personally identifiable information of voters and other valuable data, collect ransom on seized data, and generally disrupt the election voting process and undermine U.S. voter confidence in free and fair elections.

Recorded Future comments, “the key motivations for influencing U.S. elections are typically centred around adversaries’ long-term geopolitical interests and furthering their own domestic goals.”

How Could Cyber Attackers Try to Influence the Upcoming Midterms

Social Engineering and Disinformation

Social engineering uses deception to manipulate individuals into providing a particular response, generally for a fraudulent or malicious purpose. Much of the disinformation around midterms has focused on attempting to change the attitudes of undecided voters and energising supporters to get out and vote.

The most challenging aspects of modern election security to understand, let alone to protect against, are these misinformation and social influence campaigns, which come in many different forms:

• Micro-targeted political ads on social media
• Groups and fake accounts circulating false information about candidates, voting dates, polling locations
• Leaked campaign data strategically disseminated at a critical time to cause the highest possible disruption to voter thoughts and behaviour

Given the information overload of social media, this alone makes it difficult for people to tell fact from fiction when faced with disinformation. Despite efforts by federal bodies and congress to tackle this attack vector, it persists.

Phishing

Phishing forms the basis of many cyberattacks, and it’s no different regarding election interference; according to EDR firm Trellix, “threat actors are already targeting time-pressed party workers with phishing campaigns aimed at potentially spoiling ballots.”

In addition, some threat actors have already targeted county-level election workers with phishing attacks in Arizona. They’ve seen a doubling of attacks between the second and third quarters of 2022, which is not insignificant given that county-level state workers have perhaps “the most critical… (relationship)… in actual electoral engagement with voters.”

Suppose an attacker gains access to “election process documents, voter records, colleague contact lists, administrative tools, and a variety of other documents and forms” through this method. In that case, such data could be used by a threat actor to “send voters incorrect election process information to mislead them into invalidating their votes or create confusion in the lead-up to election day that undermines their confidence in the process,” said Trellix.

E-mail Compromise

Historically e-mail compromise has been well documented as a tool for cyber adversaries to attempt to compromise elections. The FBI reported, as recently as October 2021, an actual breach of the e-mail accounts of election officials in nine states in an apparent “coordinated effort”.

The malicious e-mail campaign last October included fake invoices designed to steal the e-mail passwords of election officials. In one case, the hackers used a compromised e-mail account of a U.S. official to send the e-mails, according to the FBI.

As the 2022 midterms approach, “a battleground state, Pennsylvania, has seen a dramatic increase of nearly 70% in malicious e-mail messages”, according to the Trellix Advanced Research Centre, as documented in their recent blog.

How To Stay Ahead of Cyber Interference in Electoral Process

Cybersecurity Awareness & Education

Implementing good cybersecurity training and practices on the methods and processes by which bad actors attempt to compromise systems and influence individuals’ behaviour is essential to tackle disinformation and cyber compromise. Behaviours such as:

• Using strong passwords and a password manager
• Recognising and reporting phishing

It will also make it more difficult for cyber threat actors to access and manipulate your data for illicit purposes.

As part of their advisory, the CISA and FBI recommended voters be “wary of e-mails or phone calls from unfamiliar e-mail addresses or phone numbers that make suspicious claims about the elections process or of social media posts that appear to spread inconsistent information about election-related incidents or results,”.

New York State Chief Information Security Officer Deborah Snyder commented, “Don’t get your news from Facebook; vote your mindset,” and make sure your facts come from verified sources.

Robust Technology & Information Security Management Processes

Strong cybersecurity practices also cascade down into the systems organisations and individuals use and, in the case of organisations, the policies they implement to promote robust security and information management processes.

Ensuring that information and data are managed and secured effectively enables the proper protection and mitigation of risk whilst also identifying areas of exceptionally high risk requiring remediation to improve security posture.

Implementing processes such as:

• Enabling multi-factor authentication
• Updating software

Are highly recommended to ensure you’re creating a solid security foundation to combat cyber threats and disinformation attacks.

As part of global cybersecurity awareness month, the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) have created a bank of tools and further information to help everyone stay safe online.