DHS: Russia Poses Greatest Threat to Election
Yet Another Report Warns of Nation-State Influence Operations
In the latest in a series of election security reports from government agencies, the U.S. Department of Homeland Security says Russia poses the most serious nation-state disruption threat to the U.S. presidential election.
"Nation-states like China, Russia, and Iran will try to use cyber capabilities or foreign influence to compromise or disrupt infrastructure related to the 2020 U.S. presidential election, aggravate social and racial tensions, undermine trust in U.S. authorities and criticize our elected officials,” the report released Wednesday notes. “Perhaps most alarming is that our adversaries are seeking to sway the preferences and perceptions of U.S. voters using influence operations.”
Nation-state advanced persistent threat groups will focus on voters' personally identifiable information, municipal and state networks and even single out state election officials directly for attack, DHS predicts.
"Adversaries could attempt a range of election interference activities, including efforts to target voter registration systems, to compromise election system supply chain, to exploit poor cybersecurity practices on protected election systems or networks, or to hack official election websites or social media accounts," the report notes.
A Launching Pad?
Certain actions by the political parties give attackers a potential launching pad for their activity, says Hank Schless, senior manager of security solutions at mobile security provider Lookout.
"Recently, the presidential campaigns have tried to reach voters directly by sending SMS messages that ask if they've registered to vote or if they're planning on supporting a candidate,” he says. “Threat actors can easily mimic this strategy and include a malicious link in the message.”
Brett Callow, a threat analyst with the security firm Emsisoft, notes that state and municipal governments have been steadily hit with ransomware attacks this year.
"While these attacks may not be specifically intended to disrupt the election, that could certainly be an unintended consequence,” he says. “In other words, the election could be collateral damage in a financially motivated attack.”
So far, Russia has been focusing primarily on influence operations attempting to garner support for or opposition to specific political candidates. Although the report did not mention which candidates Russian hackers are attempting to support, it acknowledges that Russia has denigrated Democratic presidential nominee Joe Biden (see: Final Report: More 2016 Russian Election Hacking Details).
To discourage voting – especially by minorities – Russian hacking groups will use the same methods they deployed in 2016, such as dispensing false information about when and where to vote, the report states (see: Facebook Removes More Accounts Linked to Russia).
China will focus on denigrating the Trump administration’s policies, the report states. And it will use economic measures and lobbying to promote U.S. policies more aligned with its interests, DHS says.
"Back in June, hackers linked to China and Iran were found to be sending malicious spear-phishing emails to staff on both the Trump and Biden campaigns. Considering how mobile these campaigns are, it is very likely these emails were opened on smartphones or tablets," Schless says.
Iran, like China, will attempt to influence the election so President Trump is defeated because it considers the current administration a threat to the regime’s stability, the report states.
Iran will promote messages supporting its foreign policy objectives and use online influence operations to increase societal tensions in the U.S., DHS says.
In September, the U.S. Justice Department unsealed several indictments against hackers with links to Iran and its government in an apparent effort to counter some of the disinformation campaigns (see: Will US Indictments of Iranian Hackers Be a Deterrent?).
In recent weeks, DHS, the U.S. Cybersecurity and Infrastructure Security Agency, the FBI as well as Microsoft and other companies have issued a steady stream of election-related warnings.
The FBI and CISA issued two warnings about election disinformation campaigns. They also issued a warning about possible distributed denial-of-service attacks tied to the election. On Tuesday, they described the use of the Emotet botnet to spread malware to state and local government agencies.
Microsoft reported Russian, Chinese and Iranian hackers are targeting organizations and individuals associated with the Republican and Democratic U.S. presidential campaigns.
"The warnings that have come out recently are there to prepare the American people by educating them about the reality of cyberthreats during an election period,” Schless says. “Cybersecurity is new territory for many Americans. The first step in ensuring these attacks aren’t successful is by making the population aware of their existence and the tactics used by cybercriminals.”