Even with the pandemic colliding with a presidential election, and a ransomware alert from federal agencies, cyberthreats are business as usual.
"If you're connected to the internet, you're at risk, right?" said Kelvin Coleman, executive director at the National Cyber Security Alliance (NCSA). "If I'm driving a high-end automobile, or I'm driving an economy automobile, if we get on a highway, we're both at risk."
While the Department of Homeland Security's cyber "war room" was established for the 2018 midterms, organizations across sectors don't have the same 24/7 election watch. Every organization, in the public or private sector, is exposed to heightened risk right now. But for many organizations, threat mitigation comes down to the basics.
"I know passwords are not the most exciting things to talk about … but neither is washing your hands during the COVID[-19] pandemic," said Coleman. It's not the "most exciting, sexiest thing to do" but it works and reduces risk.
The latest technological developments are almost irrelevant if security is absent from an organization's culture. It's a matter of reminding organizations of their security hygiene, according to Coleman. "How long have we had the 'Only you can prevent forest fire' campaign? … You have to remind people in the same way with technology."
Where threats lurk
With the election in the background, organizations were alerted to greater threats, particularly from ransomware. Q3 2020 saw an increase in ransomware attacks, specifically Ryuk.
"I don't think it's election driven. I think it started earlier because governments were paying, and they were vulnerable," said Bill Conner, CEO of SonicWall. Bad actors "can do a lot more damage with paper mail, ballot boxes and those kinds of things, than targets on the election voting system."
This year, the federal government put more emphasis on the electronic component of voting, said Conner. The government "doubled down" on public-private partnerships, certifying and testing voting systems.
Still, nearly two-thirds of government employees are worried about a cyberattack on candidates, political parties, and voting infrastructures influencing the integrity of the presidential election, according to a Morphisec survey.
"I think everyone is very sensitive to the interdependency of government right now," said Conner.
While the public sector put policies and procedures in place for election security and integrity, "we are definitely vulnerable right now before the election. We need to accept it," said Michael Gorelik, CTO of Morphisec. Bad actors already have a foothold on compromised systems and access to compromised credentials.
In September, Microsoft published research determining "foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated." The company observed hacker operations in Russia, China, and Iran with intentions of targeting political campaigns, parties, advocacy groups, consultants, and associates of party leaders.
Microsoft detected three primary groups: Strontium, Zirconium and Phosphorus. Russia-based Strontium was involved in the 2016 election, though it evolved its strategies to disguise credential harvesting attacks.
The overlap of public and private sector information sharing is "inevitable" during an election, according to Coleman. "I don't judge it as good or bad. It is what it is."
China-based Zirconium was behind "thousands of attacks" between March and September this year, according to Microsoft. The operators use web beacons "tied to a domain they purchased and populated with content," then email or text a URL to their target.
The domain itself isn't malicious; it is used to gauge whether or not the recipient is an active user, because the beacon reports back when the message is opened.
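The beacon pattern described above can be checked for at the mail gateway or in the mailbox. The following script is an added illustration and is not code from the article, Microsoft, or Morphisec: it parses an HTML email body, flags remote images that combine a host the organization does not recognize with a hidden or one-pixel size or a recipient-specific token, and rewrites those sources so the mail client never fetches them. The allowed-host list, the domains, the token value, and the sample message are all constructed for the example.

```python
"""Flag and neutralise web-beacon style remote image loads in an HTML email.

Added example (not from the article). A web beacon is a remote image whose
URL is unique to the recipient and whose only job is to report that the
message was opened. Hosts, tokens and the sample message are constructed.
"""
import html as html_escape_mod
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Hosts the organisation already trusts for remote images (constructed list).
ALLOWED_IMAGE_HOSTS = {"images.example-corp.test"}

# A long opaque identifier in a query value or path segment looks like a
# per-recipient tracking token (32+ hex chars or 20+ URL-safe chars).
TOKEN_RE = re.compile(r"^[0-9a-f]{32,}$|^[A-Za-z0-9_-]{20,}$")


def _is_hidden(attrs):
    """True when the image is 0/1 px or hidden via inline style."""
    w, h = attrs.get("width", ""), attrs.get("height", "")
    style = attrs.get("style", "").replace(" ", "").lower()
    return (w in ("0", "1") and h in ("0", "1")) or "display:none" in style \
        or "visibility:hidden" in style


def _has_tracking_token(url):
    """True when a query value or the last path segment looks like a token."""
    parsed = urlparse(url)
    candidates = [v for vals in parse_qs(parsed.query).values() for v in vals]
    candidates.append(parsed.path.rsplit("/", 1)[-1].split(".")[0])
    return any(TOKEN_RE.match(c) for c in candidates)


class _ImgCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag in the body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def find_beacons(body):
    """Return a list of suspected beacons: {src, host, reasons}."""
    collector = _ImgCollector()
    collector.feed(body)
    findings = []
    for attrs in collector.images:
        src = attrs.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            continue  # cid:/data: images cannot phone home
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host not in ALLOWED_IMAGE_HOSTS:
            reasons.append("unknown-host")
        if _is_hidden(attrs):
            reasons.append("hidden-or-1px")
        if _has_tracking_token(src):
            reasons.append("per-recipient-token")
        # An unknown host alone is just a remote image; combined with a hidden
        # size or a unique token it matches the beacon pattern.
        if "unknown-host" in reasons and len(reasons) >= 2:
            findings.append({"src": src, "host": host, "reasons": reasons})
    return findings


def neutralise(body):
    """Rewrite suspected beacon src values so the client never fetches them.

    HTMLParser unescapes attribute values, so both the raw and the
    entity-escaped form of the URL are replaced in the original markup.
    """
    out = body
    for finding in find_beacons(body):
        for form in (finding["src"], html_escape_mod.escape(finding["src"], quote=False)):
            out = out.replace(form, "about:blank")
    return out


# Constructed sample message: a real logo from a known host, a 1x1 tracker
# from an unknown host carrying a 32-hex-character token, and an inline image.
SAMPLE_EMAIL = """<html><body>
<p>Please review the attached briefing.</p>
<img src="https://images.example-corp.test/logo.png" width="120" height="40">
<img src="https://news-update.example.invalid/open.gif?u=7f3a9c1e2b4d5f6a7b8c9d0e1f2a3b4c" width="1" height="1">
<img src="cid:attachment1">
</body></html>"""

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_EMAIL):
        print(f"beacon from {f['host']}: {', '.join(f['reasons'])}")
    print(neutralise(SAMPLE_EMAIL))
```

The "unknown host plus one more signal" rule keeps ordinary marketing logos from a recognized CDN out of the findings while still catching the hidden, tokenized image the article describes; in production the allowed-host set would come from the gateway's policy rather than a hard-coded list.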
"Attackers, they move to manual trial and error means even if a domestic tool is being intercepted, they try other stuff … so it becomes much more personal," said Gorelik.
Over the summer, Microsoft was granted permission to disrupt Iran-based Phosphorus' operations by taking over 25 internet domains it used. "To date, we have used this method to take control of 155 Phosphorus domains," the company said.