What Can We Expect from Election Hack Escalations?
As the 2024 US presidential election approaches, hackers intend to phish, leverage deepfakes, and probe for vulnerabilities.
Hacking efforts targeting the US presidential campaigns are in full swing. Hackers breached the Donald Trump campaign and leaked documents, The New York Times reports. Kamala Harris’ campaign has also been subject to breach attempts.
This malicious cyber activity is not unexpected. “Cybersecurity experts have been saying it's highly likely that we're going to be targeted by foreign nations yet again, for them to interfere in the election. I think this is evidence of that happening,” Adam Marrè, CISO of cybersecurity company Arctic Wolf and a former FBI special agent/cyber investigator, tells InformationWeek.
What kind of cyber activity can we expect to see as the election nears, and how can the targets and their vendors defend against these ongoing threats?
The Hack
The hackers behind the attack on Trump’s campaign stole documents, which they sent to news outlets, including POLITICO, The New York Times, and The Washington Post. The Trump campaign pointed the finger at Iran.
On Aug. 9, the Microsoft Threat Analysis Center (MTAC) published a report describing how a threat actor, known by names that include Mint Sandstorm and APT42, sent a “…spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.”
As a part of the targeted attack on the Trump campaign, hackers compromised the personal email account of Roger Stone, a Trump political advisor, according to CNN.
APT42 is associated with the intelligence unit of Iran’s Islamic Revolutionary Guard Corps (IRGC). Over the past six months, the group has targeted individuals linked with both US presidential campaigns, according to a report from Google’s Threat Analysis Group (TAG).
The FBI is investigating the hack of the Trump campaign as well as other suspected attempts by Iran to hack both presidential campaigns, according to The Washington Post.
Election Security Threats
The threat actors who target presidential campaigns and election security have various objectives: gathering intelligence, leaking documents to sway public opinion, suppressing voters, spreading misinformation, exacting retribution, and sowing chaos.
While Iran appears to be behind the recent hack of the Trump campaign, it is not the only nation state to launch cyberattacks related to the upcoming US election. China, Russia, and North Korea also have motive and means to carry out cyber campaigns.
“One of the things that I could imagine many of our foreign adversaries would like is us focusing on ourselves and our own political process and not out watching what other nations are doing in the world,” says Marrè.
While nation state activity is a definite threat to election security, there is a potential for domestic threats as well. Arctic Wolf conducted a survey of more than 130 state and local government leaders in the US, and 19.9% reported the United States as the region of most concern as a source of election interference. Threat actors in the US could use hacking as a means to damage either presidential campaign or to compromise election security.
Hackers are likely to continue to launch phishing attacks, leverage social engineering, deliver malware, and look for other ways to harvest privileged credentials in service of their goals.
“I do think we will see continued efforts like this with spear phishing and phishing campaigns against the political campaigns but also against other organizations like the national committees of our parties and maybe even against election workers, especially those in the battleground states,” Marrè adds.
Threat actors could amplify these tactics with AI. The use of deepfakes, for example, is at play. The technology could make it appear as if political candidates say anything a threat actor may deem useful.
“The primary concern is not just that deepfakes might mislead individuals, but rather that they could erode public trust in legitimate content, making it difficult to discern truth from fabrication,” Max Gannon, intelligence team manager at Cofense, an email security company, tells InformationWeek in an email interview.
Understanding the Attack Surface
Political campaigns and government entities have an obligation to be aware of these threats and prepare for them. Education, among other cybersecurity strategies, is vital.
“Vigilance against sophisticated phishing attacks is crucial -- employees must be educated on recognizing and reporting phishing attempts. It only takes one individual clicking a link to compromise an entire organization’s security,” Gannon says.
But the attack surface is vast, comprising a complicated network of third-party suppliers.
“Third-party suppliers are a big cybersecurity concern for many organizations and for political campaigns. It's no longer your attack surface. But it's an attack surface of all the contractors, suppliers of companies that you do business with who provide services to you,” says Aleksandr Yampolskiy, CEO of SecurityScorecard, a cybersecurity ratings company.
What responsibility do these providers have when it comes to the onslaught of cyberattacks threatening the US political process?
Cybersecurity has garnered attention at the federal level. For one, the Cybersecurity and Infrastructure Security Agency (CISA) is championing its Secure by Design initiative, which calls for software manufacturers to take ownership of customer security outcomes and to be transparent in how they approach security.
“There needs to be transparency on how diligent these organizations are,” Yampolskiy argues.
In addition to government agencies’ focus on cybersecurity, customers are increasingly aware of the vital role their software vendors play in keeping them safe and the consequences when vulnerabilities are found and exploited. That awareness is not always coupled with the necessary resources.
“The private sector is very much on top of the game. But I think especially many state and local governments might not always have the resources to [get] the right protection,” says Yampolskiy.
CISA’s Secure by Design pledge is voluntary. But as attacks on the presidential campaigns and entities involved in the election unfold, it is possible regulators will react and require changes from third-party vendors.
“Unfortunately, it'll probably be after the fact given that we have so few days until the election,” says Marrè.
Regardless of any future regulatory action, political candidates and election security are now under attack by hackers.
Yampolskiy stresses the importance of resilience. He points to one potential technique employed by French President Emmanuel Macron’s team in 2017. They created a series of false email accounts and fake documents to confuse and slow hackers.
“Governments, campaigns, and private entities need to adopt a resilient mindset,” Yampolskiy urges. “Assume that the adversary is going to get in sooner or later. Then, how do you design your infrastructure in a way that makes it very hard to exfiltrate sensitive documents?”