Dark Reading is part of the Informa Tech Division of Informa PLC


Attacks/Breaches

10/8/2019
08:25 AM

Iranian Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come

Political parties and election systems will be heavily targeted in the months leading up to the 2020 general elections, some security experts say.

A recently detected Iranian cyberattack targeting a US presidential campaign may well be a harbinger of what's in store for political parties and election systems in the run-up to next year's general elections.

Last Friday Microsoft disclosed it had observed significant threat activity over the past two months by Phosphorus, a threat group believed to be linked to the Iranian government. Phosphorus, which is also known as APT25 and Charming Kitten, made over 2,700 attempts to break into specific email accounts belonging to Microsoft customers. In many cases, Phosphorus used information about the targets — including phone numbers and secondary email addresses — to try to infiltrate their email accounts.

In the end, Phosphorus attacked 241 targeted email accounts and eventually managed to compromise four of them.

In a blog Friday, Microsoft corporate vice president Tom Burt described the targeted accounts as being associated with a US presidential campaign, current and former US government officials, journalists covering politics, and Iranian nationals residing outside the country. The four accounts that were actually breached, however, were not connected to the presidential campaign or to the government officials.

Burt did not offer any insight into possible motives for the attacks. But he said Microsoft was releasing the information as part of its effort to be transparent about nation-state-sponsored cyberattacks aimed at disrupting democratic processes.

Concerns over such attacks have been rampant since 2016, when news emerged of Russian hackers breaking into a system belonging to the Democratic National Committee and of their attacks on state election infrastructure around the country.

In a heavily redacted report published in July, the Senate Intelligence Committee concluded that Russian hackers in 2015 and 2016 likely tried to break into election systems in all 50 states. The committee said Russian government-affiliated cyber actors "conducted an unprecedented level of activity against state election infrastructure in the run up to the 2016 U.S. election."

The attacks exposed critical vulnerabilities in election infrastructure at the state and local level, including insecure voter registration databases and aging voting machines that were susceptible to exploitation. News of the attacks has also promoted the impression that US voting systems are insecure, which is what Moscow might have wanted to achieve in the first place, the report said.

More Attacks on the Way
Many of the vulnerabilities from 2016 still exist and will likely be targeted in coming months by cybergroups based in nations that are hostile to US interests, security researchers say.

"We should expect to see attacks against election systems, elected officials, and candidates to only increase as the 2020 elections get closer," says John Pescatore, director of emerging security trends at the SANS Institute.

The US, UK, France, China, Russia, Iran, and North Korea all have very active espionage programs against each other and other targets, says Pescatore, a former NSA analyst. In recent years, election and census systems have become part of the espionage mission for these programs, he says. "Such attacks are just a normal part of espionage these days [for them]," Pescatore notes.

The good news is that despite relative inaction at the federal level, many states are taking positive steps to address gaps in their election infrastructure with help from members of the IT vendor and security community. "While the presidential election is for a national candidate, it is really run like 50-plus state elections that get added together at the end," Pescatore says. "[So] the local efforts are really the most important."  

Joseph Carson, chief security scientist at Thycotic, views the recent Iranian cyberattacks as a response to US sanctions and other actions against the government in that country. "Moving forward, I believe that cyberattacks are going to get more aggressive in the lead-up to the US presidential election," Carson says.

The attacks are more likely to target President Trump due to his political stance and recent sanctions against Iran. "Like most cyberattacks, attribution is going to be difficult, and many of these cyberattacks will appear to come from other countries, or even from within the US, occurring from compromised, poorly protected systems," he predicts.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
