Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/8/2019
08:25 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Iranian Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come

Political parties and election systems will be heavily targeted in the months leading up to the 2020 general elections, some security experts say.

A recently detected Iranian cyberattack targeting a US presidential campaign may well be a harbinger of what's in store for political parties and election systems in the run-up to next year's general elections.

Last Friday Microsoft disclosed it had observed significant threat activity over the past two months by Phosphorus, a threat group believed linked to the Iranian government. Phosphorus, which is also known as APT25 and Charming Kitten, made over 2,700 attempts to break into specific email accounts belonging to Microsoft customers. In many cases, Phosphorus used information about the targets — including phone numbers and secondary email addresses — to try and infiltrate their email accounts.

In the end, Phosphorus attacked 241 targeted email accounts and eventually managed to compromise four of them.

In a blog Friday, Microsoft corporate vice president Tom Burt described the targeted accounts as being associated with a US presidential campaign, current and former US government officials, journalists covering politics, and Iranian nationals residing outside the country. The four accounts that were actually breached, however, were not connected to the presidential campaign or to the government officials.

Bart did not offer any insight on possible motives for the attacks. But he said Microsoft was releasing the information as part of its effort to be transparent about nation-state sponsored cyberattacks aimed at disrupting democratic processes.

Concerns over such attacks have been rampant since 2016, when news emerged of Russian hackers breaking into a system belonging to the Democratic National Committee as well as their attacks on state election infrastructure around the country.

In a heavily redacted report published in July, the Senate Intelligence Committee concluded that Russian hackers in 2015 and 2016 likely tried to break into election systems in all 50 states. The committee said Russian government-affiliated cyber actors "conducted an unprecedented level of activity against state election infrastructure in the run up to the 2016 U.S. election."

The attacks exposed critical vulnerabilities in election infrastructure at the state and local level, including insecure voter registration databases and aging voting machines that were susceptible to exploitation. News of the attacks have also promoted the impression that US voting systems are insecure, which is what Moscow might have wanted to achieve in the first place, the report said.

More Attacks on the Way
Many of the vulnerabilities from 2016 still exist and will likely be targeted in coming months by cybergroups based in nations that are hostile to US interests, security researchers say.

"We should expect to see attacks against election systems, elected officials, and candidates to only increase as the 2020 elections get closer," says John Pescatore, director of emerging security trends at the SANS Institute.

The US, UK, France, China, Russia, Iran, and North Korea all have very active espionage programs against each other and other targets, says Pescatore, a former NSA analyst. In recent years, election and census systems have become part of the espionage mission for these programs, he says. "Such attacks are just a normal part of espionage these days [for them]," Pescatore notes.

The good news is that despite relative inaction at the federal level, many states are taking positive steps to address gaps in their election infrastructure with help from members of the IT vendor and security community. "While the presidential election is for a national candidate, it is really run like 50-plus state elections that get added together at the end," Pescatore says. "[So] the local efforts are really the most important."  

Joseph Carson, chief security scientist at Thycotic, views the recent Iranian cyberattacks as a response to US sanctions and other actions against the government in that country. "Moving forward, I believe that cyberattacks are going to get more aggressive in the lead-up to the US presidential election," Carson says.

The attacks are more likely to target President Trump due to his political stance and recent sanctions against Iran. "Like most cyberattacks, attribution is going to be difficult, and many of these cyberattacks will appear to come from other countries, or even from within the US, occurring from compromised, poorly protected systems," he predicts.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Active Directory Security Tips for Your Poor, Neglected AD."

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1001
PUBLISHED: 2019-11-21
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
CVE-2014-8356
PUBLISHED: 2019-11-21
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
CVE-2015-3140
PUBLISHED: 2019-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
CVE-2019-19207
PUBLISHED: 2019-11-21
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
CVE-2019-19203
PUBLISHED: 2019-11-21
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.