Mark Ostrowski is Head of Engineering, US East, for Check Point Software, a global cyber security company. With over 20 years of experience in IT security, he has helped design and support some of the largest security environments in the country. Mark actively contributes to national and local media, discussing cyber security and its effects in business and at home. He also provides thought leadership for the IT security industry. Read this piece to discover Mark’s thoughts on the implications of recent cyber attacks as they pertain to the US presidential election. 

As the US presidential election approaches on November 3rd, concern about disruption to the process continues to grow. The Department of Homeland Security, by way of the Cybersecurity and Infrastructure Security Agency (CISA), documents the attack surfaces:

  1. Integrity attacks on state-level registration systems
  2. Availability attacks
  3. Voting systems and associated infrastructure
  4. IT infrastructure and systems used to manage devices

Since the pandemic started in the US, the cyber attack landscape has become wide and dynamic, following many narratives related to the health crisis. The cyber security field witnessed an increase in attacks that targeted all things COVID-19; for example, coronavirus transmission information, PPE, vaccines, and treatment information. We continue to see phishing attacks targeting users of collaboration platforms as the world shifted to WFH and matured to WFA. Ransomware is on the rise, double extortion is mainstream, and DDoS attacks are getting more powerful. All of these vectors still exist today during this cyber pandemic.

As this article opened, I spoke of the more obvious election cyber risks. What if we took an alternate view of the election? Rather than looking at the election and its nearest attack surfaces, we’ll look deeper into the ‘election supply chain’: not the traditional supply chain of goods and services, but the companies and platforms that play a role in the success of government internet operations. Additionally, and of equal importance, let’s look back over the last 6 months, take inventory of all the credential harvesting that has been done for financial gain (on the surface), and explore the idea that this data could be used to stage disruption.

The Cyber Security Impacts on the Election Supply Chain

Let’s start with Tyler Technologies, a leading provider of end-to-end information management solutions and services for local governments. Their solutions touch a significant footprint of public services, including post-election results. Tyler is actively remediating a ransomware event, and the suspected malware is RansomEXX, a human-operated ransomware. Reports also suggest that earlier this year this same malware infected Texas courts and TxDOT. The implications of these ransomware events are huge in terms of business continuity, financial impact, and the extortion threat of releasing company data publicly.

In 2019, cp<r> reported a new strain of ransomware spotted in the wild, named DoppelPaymer, which shares most of its code with the infamous BitPaymer, believed to have been created by members of the TA505 group. Earlier this year, DoppelPaymer was used to target government networks in the US along with US financial institutions. Additionally, in early 2020, the Visser Precision ransomware attack had ties to the government-linked brand names Boeing and SpaceX.

Clearly, over the next several weeks, the ‘Election Supply Chain’ will be targeted. The credential theft of past months could be used in cyber attacks called credential stuffing, which can fuel account takeover, ransomware, and phishing campaigns. These attacks might seek financial gain or election disruption, but I suggest that attacks of the past had ulterior motives: building a black book of credentials for compromising the US elections. The sale and cataloging of credentials is nothing new, as we have seen this on the dark web for years. Today, the stakes are higher and the information is more valuable than ever. Companies and individuals need to take the required steps to secure everything and reduce the impact of cyber crime.