Numerous foreign and domestic threat actors are attempting to influence the U.S. midterm elections on Nov. 8 through phishing campaigns and misinformation.
The hackers' efforts are an attempt to sow distrust in the election process as Senate seats in Arizona, Ohio, and Pennsylvania are hotly contested, while gubernatorial races in Kansas, Wisconsin, Nevada, and Oregon are being closely watched because each is a toss-up between a Democrat and a Republican.
Cybercriminals plan to cash in on the election, mostly through phishing-style campaigns, while the manipulation or deletion of voter registration data ranks at the top of the list, cybersecurity experts said.
“From a cybersecurity standpoint, the most significant risks are a compromise of the actual voting machines or associated networks and the manipulation or deletion of voter registration data,” Karim Hijazi, CEO of Prevailion, a Houston-based cyber intelligence company, told TheStreet.
The hacking of voter machines remains low risk, experts said.
“To be clear, I would rank voter machine hacks as a lower probability risk at this time, but we should remain vigilant for the possibility,” he said.
The real story is more about misinformation, which can take many forms and has the potential to change outcomes in close contests, Alex Hamerstone, advisory solutions director at TrustedSec, a Fairlawn, Ohio-based ethical hacking and cyber incident response company, told TheStreet.
“As for the actual ‘hacking’ of election systems, the issue is largely overblown,” he said. “Although technical equipment issues can occur, the reality is that there are numerous technical protections in place for these systems, as well as many other safeguards in place like air-gapping, data backups, logging, monitoring that greatly reduce the potential for malicious activity.”
Bad Actors Have Changed
The bad actors who are seeking to push falsehoods and encourage misinformation are plentiful and are based in various countries, although Russians remain a top threat.
“That's not an easy one to answer anymore,” Hijazi said. “Several years ago, I would have said the top threat actors to watch were Russia and China, and the various cybercriminal groups that look for any opportunity to exploit.”
The pool of potential threat actors has broadened considerably because there is now a wide range of adversarial nation-states, plus “frenemy nations that may use this opportunity to conduct espionage on potential incoming politicians,” he said.
“We've also seen a big uptick in hacktivist activity, especially since the start of Russia's war in Ukraine, so I would expect some of these groups which are allied with Russia to play a role,” Hijazi said.
Hundreds of groups will be looking to profit from the election by using phishing-style campaigns where emails appear to be sent from legitimate organizations, Hijazi said. Their goal is twofold: information theft and fraud.
FBI Warns On More Disinformation
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) already issued a warning on Oct. 6, alerting to the possibility of more disinformation that comes from “dark web media channels, online journals, messaging applications, spoofed websites, emails, text messages and fake online personas.”
The bad actors really run the gamut and range from “local efforts to push false information within communities to governments like Russia that are hoping to sow discord within the U.S.,” Hamerstone said.
While some of these disinfo groups operate with “tacit approval of foreign governments, others may be rogue operators with an agenda,” he said.
“It is important to note that attempts to influence elections through false information are as old as elections themselves,” Hamerstone said. “The fact that we now spend so much of our lives online and the general pervasiveness of social media have made it easier than ever for these bad actors to influence opinions and elections with little to no budget.”
Three Bad Actors Identified
Three known bad actors have been observed over the past several months, including APT29, also known as Cozy Bear, a threat group attributed to Russia’s Foreign Intelligence Service, Justin Fimlaid, president of NuHarbor Security, a Colchester, Vermont-based cybersecurity and risk management company specializing in local and state government and education, told TheStreet.
“Next is APT41, also known as Wicked Panda, a threat group associated with Chinese state-sponsored espionage,” he said. “Last is LockBit, a globally operated ransomware-as-a-service group that has been targeting state and local governments.”
Both the 2016 and 2020 elections saw extensive misinformation campaigns intended to sway voters to one candidate or another, Mike Parkin, a senior technical engineer at Vulcan Cyber, a Tel Aviv-based provider of SaaS for enterprise cyber risk remediation, told TheStreet.
“In this cycle, we can expect more of the same with foreign state level actors trying to sway voters to candidates that will be to their favor, but we can also expect various activities from U.S. based groups who want to sway the vote in their favor and don’t really care about democracy,” he said.