election security

Online election defense improving, threat report finds

Symantec's latest annual internet threat report credited the U.S. government and social media companies with using a mix of intelligence, bot tracking and lessons learned from the 2016 election to identify and close thousands of accounts and pages believed to be associated with foreign influence campaigns.

The Department of Homeland Security and U.S. Cyber Command also got shout-outs for efforts to protect election infrastructure in the lead-up to the 2018 midterms. Those efforts included conducting cyber operations against Russia and other nations, establishing better coordination with states and installing Albert sensors that could detect malicious activity around voting machines and election software.

However, such cyber campaigns continue, and these organizations should only get "partial credit" for tackling the issue until their efforts are further tested during the 2020 presidential elections, Symantec said.

Other threat trends highlighted include the rising use of formjacking, which steals credit card details and other information from payment forms on web pages, and cryptojacking, where unwitting victims' computers are used to mine cryptocurrencies.

Ransomware, which made headlines in when it hit state and local government offices, is accelerating in the enterprise, accounting for 81 percent of all ransomware infections. Even though overall ransomware attacks were down, 2018 saw a 12 percent increase in enterprise infections, primarily delivered by email campaigns.  Because enterprises rely on email as their chief communication tool, they have been hit harder by email-based attacks, the report said.

While the rate of malware in emails stayed relatively constant, phishing levels declined, as they have every year for the last four years, the report said. Symantec also found that the global use of zero-day exploits continues to fall, while malware inserted into Microsoft Word documents accounted for nearly half of all malicious email attachments -- a huge leap from 2017 when the practice accounted for only five percent of such attacks. Macros in Office files are also used by cyber crime groups to propagate malicious payloads.

"Hunting for a zero day is very expensive," said Ken Durbin, a senior strategist for global government affairs at Symantec. "It takes time and effort and resources and … once it's out in the wild it can be mitigated, which means you've lost your investment. It's very hard to flag Microsoft Word traffic as malicious unless you have more context around it, so it's hiding in plain sight."

This article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

