Plaintext: Securing Political Campaigns, Elections
Welcome to Dark Reading in Plaintext, brought to your inbox this week by Wing Security. In this issue of Plaintext, we look at attacks targeting the elections in the United States. It's not just attempts to compromise campaign officials. Disinformation remains a problem. We also address how difficult it may be for SMBs to buy security tech. If you enjoy Plaintext, please share with friends and colleagues!
Adversaries Are Paying Attention to Elections. With just 73 days left till Election Day in the United States, the stakes are high. And adversaries are using all the tactics at their disposal, including deepfake robocalls and targeted phishing attacks. For example, Iran-backed APT42 targeted personal email accounts of about a dozen individuals affiliated with President Biden and former President Trump. The group also "remains persistent in its ongoing efforts" to compromise accounts of individuals affiliated with Vice President Kamala Harris. A Telegram bot is collecting compromised credentials relating to the Democratic Party and the Democratic National Convention. Experts expect more cyber threats to surface as November nears, and those threats will likely carry more potency, warns Defending Digital Campaigns CEO and president Michael Kaiser. The good news is that more and more campaigns are adopting defenses and focusing on security preparedness, he says.
At USENIX Security 2024 earlier this month, there were a number of presentations around elections, including one on ElectionGuard, an open source cryptographic toolkit that can produce "end-to-end verifiable elections whose integrity can be verified by observers, candidates, media, and voters." ElectionGuard has been integrated into systems used in actual elections in Wisconsin, California, Idaho, Utah, and Maryland, according to the paper.
In a joint public service announcement, CISA and the FBI said any ransomware disruptions during voting periods will not disrupt the security of vote casting or counting.
"While the FBI will continue to leverage its tools and partnerships to combat cyber criminals, the public should be aware that ransomware is extremely unlikely to affect the integrity of voting systems or the electoral process." — FBI Cyber Division Deputy Assistant Director Cynthia Kaiser
Disinformation remains a problem for elections. "Given that it is difficult to directly compromise election systems used to vote and count votes, adversaries turn to the age-old psychological manipulation technique to get the desired outcomes: no hacking needed," Shamla Naidoo, head of cloud strategy and innovation at Netskope, wrote on Dark Reading this spring, noting that disinformation campaigns have targeted elections around the world over the past year. Cybersecurity leaders should be educating employees and the general public on what to look for and how to effectively vet what they see online.
Cybercriminals are registering domains using names of the presidential candidates as well as those running for state and local office, according to a report from BforeAI, to be released next week. Candidate keywords bring more credibility to these fake domains, which is a key consideration when these phishing sites are trying to trick supporters into making donations to the fake campaign. There are also ecommerce shops that claim to sell candidate merchandise but are just trying to steal personally identifiable information or download malware onto user devices, according to BforeAI.
Don't Leave SMBs Behind on Security. Small and midsize businesses (SMBs) are more vulnerable to attacks because software companies, cloud service providers, and technology makers either charge for safety features that should be offered at every service tier or fail to offer the features at all. Security leaders at smaller companies lament that they cannot even talk to a security vendor because they cannot meet the 500-seat minimum to purchase the technology. But leaving out small businesses from security defenses makes them vulnerable to attack, and that has a cascading effect if that business is a supplier to other organizations. Check out Zatik Security's SaaS Safety Bar, a handy 9-item checklist of safety features for software-as-a-service and software that should be included by default in base tier offerings.
What We Are Reading
What We Heard On-Air
The Dark Reading team had some interesting conversations while at Dark Reading News Desk during Black Hat in Las Vegas.
"What have been the innovations over the last 50 years that have done the most to shift that advantage to the defense?" — Jason Healey on "Is Defense Winning?"
From Our Library
Check out some of the latest reports from our Dark Reading Library.
On That Note
Humane Intelligence announced a nationwide AI red-teaming exercise supported by NIST. The event, a red-teaming pilot for NIST's ARIA GenAI evaluation program, is intended to demonstrate capabilities to rigorously test and evaluate the robustness, security, and ethical implications of cutting-edge AI systems through adversarial testing and analysis. If the idea of contributing to the advancement of secure and ethical AI appeals to you, check out the Call for Participation for details.
Cybersecurity Analyst | Cloud Universe Evangelist | Exploring the Frontiers of AI & Quantum Tech | Evolutionary & Future Ready.
3 months ago: How do we stay a step ahead? Public education is crucial... How do we strike the right balance between innovation and broad protection?