By Eyal Benishti on October 19, 2020

Nation-State Phishing Attacks Target Voters

Cybercriminals have always attempted to exploit current events. This year, we’ve seen attempts to leverage COVID-19, Amazon Prime Day and even the new iPhone announcement to dupe recipients.

The biggest current event right now is this November’s election. Millions of people across the United States have already voted. Millions more will vote in the next two weeks, even before election day. Hackers increasingly seek to take advantage of people’s desire for knowledge. They are also capitalizing on the intensity of individual support or disdain for a particular candidate.

In September, Microsoft, the largest provider of email services through its 365 platform, detailed several recent large election-targeted attacks on businesses and governmental agencies. The commonality? All the attacks emerged through the most common vector for cyberattacks - email phishing.

Microsoft Uncovers Foreign Phishing Threats

According to Microsoft’s investigation, numerous international hacking groups have stepped up efforts to disrupt the U.S. election, specifically by targeting the campaigns of President Donald Trump and Democratic nominee Joe Biden.

The Russian hacking group Strontium (also known as Fancy Bear) has attacked more than 200 campaign-affiliated organizations in the twelve months leading up to the U.S. election. Microsoft also found that Strontium had launched phishing campaigns to harvest people’s log-in credentials or to compromise their accounts. If successful, the hackers could then steal financial information and continue to spread disinformation.

Between March and September of this year, the Chinese hacking group Zirconium launched thousands of attacks that have resulted in nearly 150 compromises. Zirconium has also attempted (unsuccessfully) to target people affiliated with the Biden campaign through their non-campaign email accounts. Zirconium has also targeted accounts at universities and international affairs organizations.

Fake Voting Pages Also Flourish

In addition to other credential harvesting attempts, attackers are increasingly leveraging fake login pages. Just this month, the FBI announced that cybercriminals are setting up fake voting websites to spread misinformation. While the FBI didn't disclose specific fake websites, cybersecurity researchers have identified examples of the scam in action. Some fake sites aim to mislead voters, while others try to use interest around voting to steal login credentials. These fraudulent sites closely imitate official websites, making it extremely difficult to recognize the deception.

The FBI also warned of increased social engineering attacks, designed to expose human vulnerabilities and to deceive targets into taking an action. Specifically, the FBI warned that attackers are impersonating election officials' email addresses, trying to trick people who seek voting information into clicking on malicious links instead.

Self-learning Email Security Needed to Protect Against Today’s Attacks

Even though the general public is aware these risks exist, many experts believe that election-related attacks are as dangerous as ever in 2020 due to increasingly sophisticated targeting. What makes these attacks so dangerous is that they bypass many built-in email security tools and secure email gateways. None of the attacks we’ve identified above from Microsoft and the FBI contained malicious links or attachments. This makes these attacks much more difficult for legacy email security tools to identify.

To reduce risk and protect against threat actors, IRONSCALES’ self-learning email security platform uses AI, computer vision, deep learning and natural language understanding (NLU) technology both to stop social engineering attacks and to identify fake login pages.

It is essential that we take whatever actions we can to protect ourselves, our privacy and our right to vote. Disinformation is everywhere – the least we can do is stop it from entering our email inboxes.
