Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/3/2020
06:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.

Election Day in the US followed an unprecedented season of security alerts, disinformation campaigns, and speculation as to how foreign actors could interfere in the 2020 presidential race. While Nov. 3 has been relatively calm so far, we're not out of the woods yet, a senior Cybersecurity Infrastructure and Security Agency (CISA) official said in a news briefing.

Related Content:

A Mix of Optimism and Pessimism for Security of the 2020 Election

The Changing Face of Threat Intelligence

New on The Edge: 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

"At this point, this just looks like any other Election Day … even just another Tuesday," the official said. There has so far been no sign of foreign adversaries successfully compromising or affecting votes cast in the election. 

But the process is only getting started. One senior CISA official likened today to "halftime," warning there may still be efforts to interfere with this election in days and weeks to come. Today saw some instances of disinformation targeting voters in specific states, as well as a few technical glitches that forced some polling places to fall back on their paper pollbooks.

Michigan Attorney General Dana Nessel reports robocalls targeting residents of Flint, Michigan, with the message that "due to long lines, they should vote tomorrow." This is an obviously false statement and an effort to suppress the vote, she said. Robocalls are a voter intimidation tactic often seen in elections; the FBI is reportedly investigating this incident, the DHS says. 

In Franklin County, Ohio's largest, some voters experienced delays due to a shift to paper pollbooks. A digital file containing data on early voters was too large and could not be synced to electronic pollbooks, forcing poll workers to switch to paper. While this can be attributed to a technical glitch and not a cyberattack, the backup plan aligns with the message of resilience that officials say has been a key part of state and local partnerships leading up to the election.

Foreign activity in the 2020 election has so far been lower than in 2018, CISA officials said, citing the "improved resilience" and national conversation about issues such as disinformation. Social media companies such as Facebook and Twitter have both acted to fight fraudulent content.

"Social media platforms have taken major steps to improve their security and protection against disinformation and attacks by third-party actors," says Victoria Mosby, federal mobile security expert at Lookout. "In particular, Facebook and Twitter are seen as the largest platform for disinformation and both have gone to great lengths to counter this issue." Twitter, for example, announced measures to delete tweets calling for violence around election results.

It's Still Early, Officials Say

This election has been top-of-mind for security officials since the chaos surrounding the 2016 race. The government has improved visibility into election infrastructure and now has intrusion detection system monitors installed across all 50 states. The State Department announced a reward of up to $10 million for information leading to people engaging in election interference on behalf of a nation-state. CISA's "Rumor vs. Reality" page aims to combat mis- and dis-information.

The FBI and the DHS CISA have warned of interference attempts by Iranian and Russian actors. In one instance, Iranian attackers spoofed emails to voters and published a video meant to cause confusion and undermine confidence in the election process. Russia-backed threat group Energetic Bear has reportedly targeted dozens of US state, local, territorial, and tribal government networks since Sept. 2020, CISA reported

Government actions to secure the 2020 election also include a two-week operation against Iran, the Washington Post reports. General Paul Nakasoke, who heads the NSA and military cyber command, said in an interview on Tuesday that he was "very confident in actions" against adversaries over the past several weeks and months to protect against interference. This reportedly followed the attack in which Iranian actors sent emails to threaten voters.

While foreign activity has so far been quiet on election day, CISA officials say they're not letting their guard down. Now is the time when polls are closing; when numbers and unofficial results start going up; when we might see disruption due to defacement or denial-of-service attacks.

"A defaced or manipulated election night reporting webpage would not impact the counting or the certification of official results," CISA posted in a tweet, noting the results on election night are unofficial. Website defacements related to elections could be intended to undermine confidence in the election process, which will remain a concern as the votes are counted.

"I don't think the impact on the tabulation, and the counting of votes is going to come to fruition," says John Dickson, principal at Denim Group. "There might be influence operations, but no disruption of polling." Tonight - when all eyes are on the Web, the news, and the election reporting - is the more susceptible time for interference activity to occur, he points out.

Given the window in which malicious cyber activity could still occur, security experts urge voters to remain patient, seek news in trusted sources, and keep in mind that technical glitches occur – not every disruption might be related to a cyberattack. Voters should keep in mind how voting has been affected by the pandemic and there may not be a final result for days to come.

"Everybody is acutely and intensely focused on ensuring that this election is as secure as humanly possible," one senior official said.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...