Election officials are vulnerable to phishing attacks, report warns

Less than 20% of election administrators have implemented advanced anti-phishing cyber security controls

Several county and local election officials are using email systems that could leave them vulnerable to phishing attacks, according to an Area 1 Security report.

Area 1 Security, in partnership with Americans for Cybersecurity, analyzed state and local election administrators’ susceptibility to phishing attacks. According to the report, 53.24% of election administrators use only simple or nonstandard technologies to protect themselves from phishing attacks, while only 18.61% have implemented advanced anti-phishing cybersecurity controls.

A troubling 5.42% of election administrators use personal email addresses or personal email technology for election-related matters too. 

According to Area 1 Security, several election administrators independently manage their custom email infrastructure as well.

In an interview with The Wall Street Journal, Area 1 Security CEO Oren Falkowitz explained: “When you run your own service and you don’t partner with someone to professionally manage it, it means you have to be perfect every single day. That’s really hard."

Area 1 Security says it found officials in six small jurisdictions in Michigan, Missouri, Maine and New Hampshire using Exim too. In May, the National Security Agency warned that threat actors linked to the Russian military intelligence agency - the same actors who interfered with previous elections - have targeted the version of Exim these officials are using.

Government agencies nationwide have faced ransomware attacks, many of which began with malicious email messages, security experts told The Wall Street Journal

At an online conference held by the National Association of Secretaries of State, a top Department of Homeland Security election security official stated malicious software targeting computer systems used by election officials remains an issue.

“We’ll see that ransomware will come and take down the county network, which has an impact on the election network, even though it wasn’t being targeted,” explained Matt Masterson, senior adviser on election security for the Department of Homeland Security. “It may have an impact on, particularly, a local office’s ability to run elections.”

For hackers looking to undermine the upcoming election, underprepared election administrators are an easy target. Election administrators claim security testing and monitoring of election networks is better now than it was in 2016, though. More counties are using paper-ballot voting machines as a backup. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

BEC scammers using Google Forms to identify easy victims
phishing

BEC scammers using Google Forms to identify easy victims

21 Jan 2021
FBI warns of ongoing corporate vishing attacks
phishing

FBI warns of ongoing corporate vishing attacks

19 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021