All eyes are on social media platforms and campaigning agents’ IT infrastructures—will hackers pull off yet another digital force majeure?

With the US Presidential Election happening this week, campaigns are in full swing – collecting voter data, analyzing polling information, and zeroing in on party registrations. There is more digital information being generated than at any other time in US voting history.

While this is great news for campaigns trying to win votes, it is also a prime opportunity for hackers looking to carry out ransomware and other attacks. No matter where you sit on the political spectrum, it is extremely important for organizations to ensure information is always available and protected. To prevent any attack that might wreak havoc on the political system, holistic data protection and resilience of applications and infrastructure are essential.

When people talk about cybercrime and government elections, they often imagine attacks on voter booths and polling data.  But hackers start much sooner—hitting easier targets first. Attacking a political organization before the election and freezing data with ransomware is often low-hanging fruit for hackers and hacktivists looking to make money or trouble.

Tools that help canvass voters, deliver campaign information, or influence voting rarely enjoy the same level of data protection—making them a top hacking opportunity. Organizations responsible for those systems should be acting now to ensure these systems are available when needed, and any data is protected holistically no matter its complexity or where it resides.

Paying for ransomware in a crunch

The key to a successful attack is to strike at the very moment when data is needed. The target can be anything related to the campaign—whether it is mailing lists, volunteer driving schedules, or canvassing data. All this information can be critical in the weeks running up to election, and the hackers know it.

That is why organizations must have off-site, encrypted copies of information to protect against leading threats such as ransomware. This must be backed by an end-to-end solution with the ability to unify data protection across the infrastructure, said Andy Ng, Vice President and Managing Director (Asia South Region), Veritas Technologies LLC.

“It’s no longer a question of ‘if’ a ransomware attack will hit a political organization, but ‘when’. Especially now when hackers know organizations are under time pressures heading into the election—and thus, more likely to pay up. Ransomware attacks can bring an organization to its knees, so campaigns must be acutely aware of, and prepared for, the threat in the months before an election. It may not be November, but these bad actors are working now to steal your data.”

In the runup to an election all manner of reasons can motivate a ransomware attack on a political organization. Sometimes, attacks are purely financially-motivated, where hackers believe organizations under the pressure of a voting deadline will be more likely to pay up.

State-sponsors a force to reckon with

At the other end of the spectrum, they may be carried out by political hacktivists who believe there is a moral imperative to stop an opposing candidate. Regardless of the motivation, a ransomware attack can be devastating to an organization, so political bodies must be acutely aware of, and prepared for, ransomware.

It is just too easy to imagine all ransomware being pushed by sophisticated computing collectives targeting huge organizations. The reality is, with a couple of hundred dollars and access to the internet, anyone can buy everything required to use ‘ransomware as a service’. Even worse, they need very little technical knowledge to begin targeting political organizations. This means community organizations and regional offices must be just as alert to the dangers of ransomware as large ones. “Hackers and ransomware do not discriminate. They just want your data, and will do anything to get it,” said Ng.

No one knows how big or influential a political campaign might become, or how long a candidate will stay in the race. Community organizations take hold in the public interest and become significant political forces, while little-known candidates grow to push out established names. While great for democracy, it is also a perfect environment for hackers. Networks and systems built for community organizations are rarely designed to withstand the ransomware threats that much larger, established political bodies face. But in the rush to scale, data protection is often forgotten. These conditions create the perfect environment for ransomware to take hold; and hackers know it.

“Federal authorities believe one of the gravest threats to the November election is a well-timed ransomware attack. One that could disrupt vote-tallying, prevent officials from verifying voter eligibility, or otherwise paralyze voting operations. That’s why state and local governments must not only backup their data, but have a plan to quickly recover in the event of an attack. Hours always matter with ransomware and quick access to election data will be more important than ever in November,” Ng said.

Social engineering tools

Ng notes that as many voters are relying on the work-from-home model, they are taking millions of corporate devices outside the firewall. This will be the first US Presidential election to take place in such a digital environment, where so many people are using work devices in the home, being used to enable social interactions, and migrating much of the election battle onto social media.

“Election-themed social content is prime fodder to bait unsuspecting employees into a phishing attack, since it can often evoke a highly-emotional response that can lower peoples’ guard against clicking suspicious links. To avoid the risk from ransomware or phishing, organizations must act now to educate employees on new social dangers. Veritas recommends five actions for businesses to take now,” Ng suggested:

  1. Communicate the risk of election-based hacking to all employees.
  2. Remind them of the company’s security policy.
  3. Ensure the personal, acceptable use policy is well understood. Specify if employees can use social media for such personal interests as the election research and news.
  4. Push out regular updates to all remote devices—ensuring the latest security patches are in place.
  5. Fully assume that, no matter how good your defenses are, someone will eventually click a rogue link and the corporate network will be compromised. Ensure all information is protected through comprehensive backup so it is recoverable after an attack takes place.

International visibility is a major threat

This election is likely to be one of the most emotional votes ever, which also means it can be one of the most dangerous elections for digital security. The election process is tribal and divisive, and playing out in real time across social media. Hackers are well aware of the opportunity this creates—building the ‘perfect storm’ for social engineering. Playing off voters’ emotions, hackers can easily orchestrate a successful ransomware attack: all they need to do is convince voters to click a link. It is important for businesses and their employees to avoid letting emotions get in the way of smart digital security.  

“We’ve entered the age of ‘always-on’ employees, as the lines between work and personal time are increasingly blurred. This accelerated online time is a prime opportunity for hackers to exploit the weakest link in a company’s security infrastructure: the employee. It is estimated about 95% of cybersecurity breaches result from human error, such as an employee clicking an e-mail link. Hackers are aware of this weakness and will use any form of emotionally charged content to exploit it. Social selling means that social media accounts are increasingly being installed on corporate devices but, for employees following the latest developments in the election cycle on those devices, clicking on a random link could spell disaster for the corporate network. Organizations must educate employees on the newest techniques hackers use to trick users into being the weakest link in a ransomware attack.”

Finally, the upcoming global spectacle is gaining unprecedented international visibility. As a result, there is a lot more election-based content coming from foreign sources that may be less familiar in the Singapore and the region. So, while Singaporeans may easily spot a fake link to local reliable news source, can they accurately identify a fake link to The Washington Post in the US?

“Hackers are already spinning up a heady mix of tantalizing content, hard-to-spot scams and malicious malware to create ideal conditions for ransomware attacks. Businesses must act to ensure their data protection policies and tools are ready to handle this heightened threat, protecting against phishing and ransomware before they compromise corporate data,” Ng concluded.