U.S. — Election Administrators Failed to implement Phishing Protection: Study


    A majority of election directors in the US have but to implement cybersecurity controls designed to offer safety in opposition to phishing assaults, a brand new Space 1 Safety report reveals.

    Phishing, a sort of cyber-attack the place the sufferer is tricked into performing an motion that ultimately leads to malware an infection, information loss, or theft of credentials or cash, has reportedly been concerned in over ninety % of the info breaches worldwide.

    The U.S. elections have been focused by phishing as effectively, with examples together with assaults in opposition to election-sensitive organizations in 2016 and 2018, and phishing makes an attempt focusing on the present 2020 election cycle.

    Seeking to consider the e-mail protections and controls that election directors have applied, Space 1 Safety has analyzed 10,000 state and native election directors’ susceptibility to phishing, and it has found that greater than half of them use rudimentary or non-standard applied sciences for phishing safety.

    The research additionally found that roughly a 3rd (28.14%) of election directors have primary controls to forestall phishing and that lower than one-fifth of them (18.61%) use superior anti-phishing controls.

    In line with the report, 5.42% of the election directors use private e mail addresses. Others independently handle their very own customized e mail infrastructure, some utilizing variations of the Exim mail server which can be recognized to have been focused in cyber-attacks.

    Space 1 Safety charges the applied anti-phishing controls as superior (when an unbiased e mail safety service is used on high of cloud e mail controls), primary (cloud supplier’s e mail controls solely), restricted (rudimentary cyber-security controls), non-standard (personal e mail management based mostly on open supply software program), and non-standard private (use private e mail/controls for private e mail).

    The score system solely takes into consideration publicly observable e mail safety controls, however not extra inner controls that enhance safety however don’t stop phishing, enterprise e mail compromise (BEC), or credential harvesting assaults. SPF, DKIM and DMARC insurance policies will not be considered both.

    “Having sturdy DMARC insurance policies ensures that organizations are defending their model and area for outbound emails; however is inadequate and ineffective in opposition to inbound phishing assaults. We suggest that every one organizations extensively undertake and implement DMARC insurance policies as a matter of cyber-security hygiene,” the safety agency notes.

    In its report, which contains safety rankings for election directors in each U.S. county, Space 1 Safety recommends that election directors stop utilizing Exim, particularly in gentle of just lately focused vulnerabilities, or at the least be sure that it’s updated. It additionally recommends using cloud e mail infrastructure and refraining from utilizing private emails for the administration of elections.

    Associated: U.S. Authorities Warns of Steady Election Meddling Efforts

    Associated: Democrats ‘Gravely Involved’ Over International Interference in US Vote

    Associated: Menace to US Elections Not Restricted to Russia in 2020

    view counter

    Ionut Arghire is a world correspondent for SecurityWeek.

    Earlier Columns by Ionut Arghire:

    Recent Articles

    More attackers using Exploits from Zero Day

    A examine this 12 months by FireEye has discovered that extra attackers used zero day exploits of their cyber assaults in 2019 than in...

    Windows 10 Build 20211 allows you to access Windows and WSL 2 Linux file systems.

      Dev Channel Insiders are in for a deal with this week. Home windows 10 Construct 20211 introduces numerous new options, together with including Search...

    Arch Linux Based Distribution from A Beginner

      If you’re in search of an Arch-based newbie’s Linux distribution and simpler to make use of and set up, gives all attainable desktop environments...

    Zerologon: How Bitdefender protects consumers from this Post-Exploit No-Credential Technique

      Zerologon is a zero-credential vulnerability that exploits Home windows Netlogon to permit adversaries entry to the Lively Listing area controllers, first reported in August...

    Hackers gather intelligence on potential opponents of the regime in Iran

      Iranian Group Discovered Spying on Dissidents An Iran linked group, named Rampant Kitten by researchers, has been found focusing on anti-regime organizations in a marketing...

    Related Stories