Attacks/Breaches

10/8/2019
08:25 AM

Iranian Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come

Political parties and election systems will be heavily targeted in the months leading up to the 2020 general elections, some security experts say.

A recently detected Iranian cyberattack targeting a US presidential campaign may well be a harbinger of what's in store for political parties and election systems in the run-up to next year's general elections.

Last Friday Microsoft disclosed it had observed significant threat activity over the past two months by Phosphorus, a threat group believed to be linked to the Iranian government. Phosphorus, which is also known as APT25 and Charming Kitten, made over 2,700 attempts to break into specific email accounts belonging to Microsoft customers. In many cases, Phosphorus used information about the targets — including phone numbers and secondary email addresses — to try to infiltrate their email accounts.

In the end, Phosphorus attacked 241 targeted email accounts and eventually managed to compromise four of them.

In a blog Friday, Microsoft corporate vice president Tom Burt described the targeted accounts as being associated with a US presidential campaign, current and former US government officials, journalists covering politics, and Iranian nationals residing outside the country. The four accounts that were actually breached, however, were not connected to the presidential campaign or to the government officials.

Burt did not offer any insight on possible motives for the attacks. But he said Microsoft was releasing the information as part of its effort to be transparent about nation-state-sponsored cyberattacks aimed at disrupting democratic processes.

Concerns over such attacks have been rampant since 2016, when news emerged of Russian hackers breaking into a system belonging to the Democratic National Committee and attacking state election infrastructure around the country.

In a heavily redacted report published in July, the Senate Intelligence Committee concluded that Russian hackers in 2015 and 2016 likely tried to break into election systems in all 50 states. The committee said Russian government-affiliated cyber actors "conducted an unprecedented level of activity against state election infrastructure in the run up to the 2016 U.S. election."

The attacks exposed critical vulnerabilities in election infrastructure at the state and local level, including insecure voter registration databases and aging voting machines that were susceptible to exploitation. News of the attacks has also promoted the impression that US voting systems are insecure, which is what Moscow might have wanted to achieve in the first place, the report said.

More Attacks on the Way
Many of the vulnerabilities from 2016 still exist and will likely be targeted in coming months by cybergroups based in nations that are hostile to US interests, security researchers say.

"We should expect to see attacks against election systems, elected officials, and candidates to only increase as the 2020 elections get closer," says John Pescatore, director of emerging security trends at the SANS Institute.

The US, UK, France, China, Russia, Iran, and North Korea all have very active espionage programs against each other and other targets, says Pescatore, a former NSA analyst. In recent years, election and census systems have become part of the espionage mission for these programs, he says. "Such attacks are just a normal part of espionage these days [for them]," Pescatore notes.

The good news is that despite relative inaction at the federal level, many states are taking positive steps to address gaps in their election infrastructure with help from members of the IT vendor and security community. "While the presidential election is for a national candidate, it is really run like 50-plus state elections that get added together at the end," Pescatore says. "[So] the local efforts are really the most important."  

Joseph Carson, chief security scientist at Thycotic, views the recent Iranian cyberattacks as a response to US sanctions and other actions against the government in that country. "Moving forward, I believe that cyberattacks are going to get more aggressive in the lead-up to the US presidential election," Carson says.

The attacks are more likely to target President Trump due to his political stance and recent sanctions against Iran. "Like most cyberattacks, attribution is going to be difficult, and many of these cyberattacks will appear to come from other countries, or even from within the US, occurring from compromised, poorly protected systems," he predicts.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...