Today's email attackers are using advanced techniques to supercharge their campaigns. With sophisticated social engineering tactics, automated domain generation, and advanced strains of polymorphic malware, cybercriminals are able to evade traditional detection mechanisms. And with one-quarter of successful phishing breaches executed by state-affiliated actors, politicians and political organizations find themselves targeted by those not only seeking financial reward, but looking to manipulate their targets, spread misinformation, or even influence the course of world politics.
To get a glimpse of the widespread chaos that can stem from compromised email, we need look no further than the 2016 US presidential election, when leaked communications and other confidential documents from the DNC damaged the party's reputation in a way that had a significant impact on the election. More recently, the Twitter hack of July 2020, which Twitter attributed to a phone-based spear-phishing attack on its own employees, resulted in the accounts of prominent organizations and figures such as Apple Inc. and Barack Obama tweeting out fraudulent messages intended to scam viewers.
As malicious spear-phishing emails continue to slip through legacy security tools, which look for known indicators of threat observed in historical attacks, the state of email defenses could well have an impact on this year's presidential election. With attackers updating their techniques faster than ever, the average lifespan of an email attack has shrunk to a matter of hours, not days. Soon, the emergence of offensive AI will enable cyber-criminals to launch attacks at a speed and scale previously unimaginable.
Here, we look at three ways email attacks may threaten the very foundations of democracy in this year’s elections.
Leaking sensitive documents
The 33,000 pages of emails leaked on the anti-secrecy website WikiLeaks became one of the defining features of the 2016 election, revealing internal communications from within the DNC. The attack, attributed by US investigators to Russian military intelligence (the GRU), involved sending spear-phishing emails to more than 300 individuals affiliated with the party. The credentials these emails harvested gave the attackers a foothold from which they deployed malware, explored the DNC's computer networks and exfiltrated tens of thousands of emails and attachments, which were then released strategically to distract the public from media events that were either beneficial to the Clinton campaign or harmful to Trump's.
Since then, spear-phishing attacks have only become more sophisticated and targeted, using information gathered from social media during reconnaissance to produce a click-through rate reportedly 40 times higher than that of untargeted attacks. With a high-profile UK politician recently falling victim to an email attack that led to the release of unclassified trade documents, it is clear that the lessons of 2016 have not yet been fully learned.
Direct compromise of voters' data
In addition to politicians and campaigns, election administrators themselves can fall victim to malicious emails seeking to undermine democratic processes. One hundred days into the 2020 campaign, many election administrators still lacked basic anti-phishing controls such as enforced multi-factor authentication and sender authentication (SPF, DKIM and DMARC) on their own domains. Attackers will look to capitalize on this, viewing email as the easiest route into the network.
Once a phishing attack succeeds, cyber-criminals may harvest voters' data in preparation for targeted misinformation campaigns, or deploy malware that throws election administration into chaos and undermines the democratic process in general. Ransomware can encrypt critical files at machine speed, with the adversaries then demanding payment in bitcoin for the decryption key.
However, it may not take a high-profile breach for harmful emails to have a significant impact on results; their effect could be more subtle. Spoofing techniques can produce legitimate-looking emails supposedly from politicians or political organizations that are in fact fakes, designed to undermine the apparent sender by including controversial or factually incorrect material. Sender authentication only helps against the crudest form of this: a message from a lookalike domain, or one that merely borrows a politician's display name, passes those checks because it is not actually forging the protected domain.
Indeed, the Black Hat 2020 Attendee Survey recently found that 71% of the surveyed security professionals agree that the election will be most greatly impacted by systemic disinformation campaigns designed to smear the reputation of a candidate.
With the onset of the pandemic, 130,000 domains related to COVID or remote working were registered as cyber-criminals sought to take advantage of the uncertainty. With the election now in full swing, we can expect a similar surge in election-themed registrations, many of them by those with malicious intent. The reality is that with increasingly sophisticated social engineering tactics, and offensive AI on the horizon, we need an adaptive approach to email security that can react to the threats of today and tomorrow.
Cyber warfare: How AI reveals digital fakes
The vast majority of security tools relied upon today analyze each email in isolation, checking it against a list of "known bad" IPs, domains, and file hashes. This legacy approach routinely fails to spot the subtle indicators of advanced and novel attacks, because those attacks are built precisely to use infrastructure and payloads that appear on no such list.
Recognizing the widening gap between the sophistication of attackers and traditional defense methods, hundreds of organizations, both public and private, are adopting a fundamentally new approach, turning to AI to spot subtle deviations from "normal" and stop malicious email activity regardless of whether the threat has been seen before. This cyber AI technology works by learning on the job, building a "pattern of life" for every email user, their peers, and the wider organization.
Rather than relying on rules and signatures, the AI analyzes the typical behavior of the sender, the recipient, and thousands of data points around every email to judge whether that particular communication is anomalous and indicative of a cyber threat.
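The contrast drawn in the three paragraphs above, as an added Python illustration that is not Darktrace's code and does not describe any product's model: a blocklist-style filter beside a toy per-recipient baseline that scores each message by how unfamiliar its features are for that recipient. The sample messages, the blocklist entries, the feature set and the 0.5 threshold are all constructed assumptions for the demonstration.

```python
"""Indicator matching versus a per-recipient baseline over constructed email metadata.

Added illustration for this article, not Darktrace's code. The messages,
features and threshold below are assumptions chosen to make the contrast visible.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Email:
    recipient: str
    sender: str                      # From: address
    reply_to: str                    # Reply-To: address (often diverges from From: in lures)
    sender_ip: str                   # address of the connecting mail server
    hour: int                        # local hour of delivery, 0-23
    attachment_hash: Optional[str]   # hash of the attachment, if any
    link_domains: Tuple[str, ...] = ()


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def legacy_filter(mail: Email, bad_ips: set, bad_domains: set, bad_hashes: set) -> bool:
    """The 'known bad' approach: block only if an indicator was seen in a past attack."""
    return (
        mail.sender_ip in bad_ips
        or domain_of(mail.sender) in bad_domains
        or (mail.attachment_hash is not None and mail.attachment_hash in bad_hashes)
        or any(d in bad_domains for d in mail.link_domains)
    )


class PatternOfLife:
    """Toy per-recipient baseline: how often has each feature value been seen before?"""

    def __init__(self) -> None:
        self.counts = defaultdict(Counter)   # recipient -> feature -> occurrences
        self.total = Counter()               # recipient -> messages learned

    @staticmethod
    def features(mail: Email) -> set:
        sender_domain = domain_of(mail.sender)
        feats = {
            ("sender_domain", sender_domain),
            ("sender_ip", mail.sender_ip),
            ("business_hours", 8 <= mail.hour < 18),
            ("reply_to_mismatch", domain_of(mail.reply_to) != sender_domain),
            ("has_attachment", mail.attachment_hash is not None),
        }
        feats.update(("link_domain", d) for d in mail.link_domains)
        return feats

    def learn(self, mail: Email) -> None:
        """Fold a message known to be benign into the recipient's history."""
        self.total[mail.recipient] += 1
        for f in self.features(mail):
            self.counts[mail.recipient][f] += 1

    def score(self, mail: Email) -> float:
        """Mean rarity of the message's features for this recipient (0 routine, 1 never seen)."""
        n = self.total[mail.recipient]
        if n == 0:
            return 1.0  # no history at all, so nothing to compare against
        seen = self.counts[mail.recipient]
        feats = self.features(mail)
        return sum(1.0 - seen[f] / n for f in feats) / len(feats)


# Constructed blocklist: indicators from an old, already-known campaign.
BAD_IPS = {"192.0.2.99"}
BAD_DOMAINS = {"malware-kit.example"}
BAD_HASHES = {"sha256:deadbeef"}

# Constructed history for one staffer: 20 routine internal messages during office hours.
ALICE = "alice@campaign.example"
HISTORY = [
    Email(ALICE, f"{who}@campaign.example", f"{who}@campaign.example", "203.0.113.10",
          hour, None, ("campaign.example",))
    for who in ("bob", "carol", "dave", "erin") for hour in (9, 11, 14, 16)
] + [
    Email(ALICE, "bob@campaign.example", "bob@campaign.example", "203.0.113.10",
          10, "sha256:aaaa1111", ("campaign.example",))
    for _ in range(4)
]

SAMPLES = {
    # Novel spear-phish: lookalike domain, freemail Reply-To, new server, 2am, unseen payload.
    "phish": Email(ALICE, "bob@campaign-example.com", "hr@freemail.example", "198.51.100.7",
                   2, "sha256:f00dcafe", ("campaign-example.com",)),
    "legit": Email(ALICE, "carol@campaign.example", "carol@campaign.example", "203.0.113.10",
                   15, None, ("campaign.example",)),
    # Replay of the old campaign: this one the blocklist does catch.
    "known_bad": Email(ALICE, "alerts@malware-kit.example", "alerts@malware-kit.example",
                       "192.0.2.99", 12, "sha256:deadbeef", ("malware-kit.example",)),
}


def classify_samples(threshold: float = 0.5) -> dict:
    """Run both approaches over the constructed samples and report each verdict."""
    baseline = PatternOfLife()
    for mail in HISTORY:
        baseline.learn(mail)
    verdicts = {}
    for name, mail in SAMPLES.items():
        score = baseline.score(mail)
        verdicts[name] = {
            "legacy_blocked": legacy_filter(mail, BAD_IPS, BAD_DOMAINS, BAD_HASHES),
            "anomaly_score": round(score, 3),
            "anomaly_flagged": score >= threshold,
        }
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:>9}: {verdict}")
```

The lookalike domain, the freemail Reply-To and the fresh attachment hash never appear on a blocklist, so the legacy filter passes the spear-phish; the baseline flags it because nearly every feature is new for this recipient, while the routine internal message scores close to zero. A real system weights many more signals and models peers and the whole organization, not just one inbox, and it also has to contend with baselines that attackers can poison over time, which this toy does not address.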
With the November election vulnerable to disruption and interference in the cyber realm, organizations must turn to a new approach to email security, with AI augmentation no longer just a "nice to have" but a necessity in the modern threat landscape.
Based in New York, Dan is the Director of Email Security Products for the Americas. He joined Darktrace’s Technical Team in 2015, helping customers quickly achieve a complete and granular understanding of Darktrace’s world-leading Cyber AI Platform and products. Dan has a particular focus on Antigena Email, ensuring that it is effectively deployed in complex digital environments, and works closely with the development, marketing, sales, and technical teams. Dan holds a Bachelor’s degree in Computer Science from New York University.