Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections. These attacks spiked ahead of the primary elections in Arizona and Pennsylvania earlier this year, and the researchers expect this trend to continue into the November elections.
“Over much of the last year, Trellix’s global network of threat sensors and the Trellix Advanced Research Center have identified a surge in malicious email activity targeting county election workers in the key battleground states of Arizona and Pennsylvania coinciding with these states’ primary elections,” the researchers write.
“In investigating the nature of this activity, Trellix identified a familiar password theft phishing scheme as well as a newer phishing scheme seeking to prey on the absentee ballot administration process.”
In some cases, attackers compromised legitimate email accounts and used them to send emails to election administrators.
“Many threat actors such as QBot, Hancitor, Emotet and others have been known to steal and use email threads that make it possible to target specific victims more effectively,” Trellix says. “These actors have found success in using such trusted email correspondence to deliver malicious documents (.zip, .pdf, .docx, etc.) or malicious download links such as that used in this sample.
The election administrator replies to make himself as helpful as possible to someone posing as a trusted partner in the election process. The attacker sends a Microsoft OneDrive link from which the election worker can download the completed absentee ballot applications.”
The researchers conclude that states and counties in the US have varying levels of funding and resources, which complicates defending against these attacks.
“The ‘primary surge’ reminds us the national issue of election security is very much a state and local issue with which state and local entities and infrastructure must wrestle,” the researchers write. “Furthermore, states and localities do not operate on an equal cybersecurity footing.
Some will be more susceptible to attacks than others and many will continue to require the help of the federal government to not only harden themselves to these and other attacks, but also educate local election employees in cyber hygiene to thwart them at their point of attack.”
New-school security awareness training can enable your employees to thwart phishing and other social engineering attacks.
Trellix has the story.