Election admins vulnerable to email attacks
In the run-up to the 2020 elections, candidates and election officials alike appear vulnerable to phishing attacks and other cyber threats that could cause havoc in November.
According to a new report on email security controls from cybersecurity firm Area 1, a handful of election administrators and at least 50 candidates for public office in 2020 are still using vulnerable versions of Exim mail servers known to have been exploited by threat actors linked to the Russian military.
In May, the National Security Agency issued an advisory that Russian cyber actors from the GRU Main Center for Special Technologies, known as the Sandworm team, had been exploiting a vulnerability in Exim mail transfer agent software for Unix-based systems since at least August 2019. The remote code execution vulnerability allows an unauthenticated remote attacker to send “a specially crafted email to execute commands with root privileges allowing the attacker to install programs, modify data, and create new accounts,” NSA said in its advisory.
Additionally, the report found that more than half of election administrators may find themselves underprepared to fend off phishing attacks, a common vector for malware and ransomware attacks.
In its review of the email of over 12,000 U.S. election administrators, Area 1 reported that a little over half (53%) have only rudimentary or non-standard technologies to protect themselves from phishing, and less than 20% have implemented advanced anti-phishing cybersecurity controls. Private email accounts are being used by 5% of respondents, and a number of election administrators independently manage their own custom email infrastructure.
With this year’s elections taking place in an environment rife with foreign interference, social media influence, questions about the integrity of election infrastructure and inconsistent public policy about encryption, a phishing attack could erode confidence in the election, the report said, even if its consequences do not actually change voting results.
The report recommended election administrators eliminate the use of Exim email servers, transition to cloud email infrastructure and