Election Day Cybershenanigans Highlight Need to Shore Up Security

...

Hackers last week launched DDoS attacks against both presidential candidates' campaign websites. The attacks were HTTP-based, targeting Layer 7 (the application layer) of the OSI model.

There were at least four 30-second attacks reported.

"The websites were not penetrated by a cyberintrusion," said John Costello, a senior analyst at Flashpoint.

"They were attacked using their publicly available Web addresses and associated IPs," he told the E-Commerce Times.

The attackers were unsophisticated hackers and not a nation-state, Flashpoint said.

The attacks were not linked to the cyberintrusions on Democratic Party systems or the email breach affecting John Podesta, chairman of Hillary Clinton's presidential campaign. The United States has accused Russia of perpetrating those attacks.

The Mirai botnet was responsible for the campaign website hacks, Flashpoint said. It is known to have been behind other recent DDoS attacks that took advantage of devices connected to the Internet of Things.

The botnet's source code has been released, fragmenting it into smaller, competing botnets, Costello noted, which "has significantly lowered the impact, efficacy, and damage of subsequent attacks. No single attacker has been able to gain control of enough devices to replicate the scale of attacks we saw against Dyn DNS, OVH, or Krebs on Security."

The attacks "demonstrated that script kiddies and other basic threats were able to target and potentially disrupt portions of candidates' websites without the respective campaigns noticing the attacks," said James Scott, senior fellow at the Institute for Critical Infrastructure Technology.

That occurred "because both the sites lacked appropriate mitigation precautions," he told the E-Commerce Times.

"A greater prioritization and focus on cybersecurity and cyberhygiene is needed to secure the electoral process and America's critical infrastructure," Scott remarked.

Taking down websites is penny-ante stuff, and "I'd make a distinction between attacks that disrupt the availability of websites and attacks that raise questions regarding the integrity of the U.S. election process," said Rick Holland, VP of strategy at Digital Shadows.

The real danger of attacks like those against the Democratic National Committee, which resulted in emails being stolen and leaked, is that they "raise suspicions in the electorate that will have much longer-term implications for day-to-day governance of the nation," he told the E-Commerce Times.

Such leaks "fuel the opposition, which could launch investigations and inquiries that make it difficult for Washington to function."

Federal, state and local government officials could ensure the security of elections by implementing such measures as secure websites and complex credential requirements, ICIT's Scott suggested.

Federal agencies may offer assistance to candidates on request, but "it is the responsibility of candidates to excel the minimum required security controls," he said.

Candidates and party officials also could set mandatory security guidelines in line with federal agency recommendations and trusted cybersecurity standards and guidelines, Scott added.

Data "is a liability and needs to be handled as such," Digital Shadows' Holland warned. Government officials "need to implement data governance policies that address data retention."

"Powerful malware such as Mirai will continue to develop and evolve," Scott said. "Every day, these sophisticated [types of] malware become more accessible, and easier to acquire and utilize by less-sophisticated threat actors."

The federal government should designate the election systems themselves as critical infrastructure, Holland maintained. That would not be sufficient to eliminate the threat, but it would accelerate resiliency.

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.
