Security Researchers Warn of Uptick in Election Spam


Hackers continue to take advantage of election-related anxiety to launch cyberattacks by email at greater volumes than would usually be expected, security companies say.

Fraudulent emails that attempt to lure users into clicking on links that deliver ransomware and other viruses are often designed around current affairs, such as the coronavirus pandemic, natural disasters and elections. They usually pose as authorities, or claim to include attachments that promise new information but are actually infected with malware.

The number of attacks related to this year’s U.S. presidential election and launched since Election Day on Nov. 3 has been markedly higher than normal, said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint Inc., a cybersecurity company that specializes in email protection.

“While we have seen this kind of activity during past events, this year the volumes and social engineering lures are more persistent and in higher volumes,” Ms. DeGrippo said. “As long as uncertainty exists around the election—including any attempts to widely sow distrust in the electoral process—we will likely see actors use these themes in their lures.”

While many hackers send out vast numbers of emails and rely on a small number of clicks, some have used more targeted approaches since last Tuesday, Ms. DeGrippo said.

For instance, hackers using the Qbot virus, a trojan in operation since 2008 that harvests data from an infected machine, have sought to exploit concerns about the legitimacy of the election. Specific subjects hackers are targeting include disputes over the integrity of the race, as President Trump challenges the election results. Ballots are still being counted, even though several news outlets called the race for President-elect Joe Biden on Saturday.

Around 16,000 emails sent by the hackers on Wednesday had attachments named “Election Interference” containing a fraudulent document that downloads the trojan when accessed, according to security company Malwarebytes Inc.

“This is just one campaign, but we continue to see malicious campaigns using candidate names to spread malware as well,” Ms. DeGrippo said.

Some attackers also targeted specific industries with email campaigns before Election Day and continue to do so, said Theresa Payton, president and chief executive of cybersecurity company Fortalice Solutions LLC. She said her firm had tracked emails targeting retail, hospitality and fracking companies, among others, claiming candidates would lock them down in coronavirus pandemic-related restrictions after being elected.

“Naturally someone is going to click on that,” said Ms. Payton, who served as the White House chief information officer under President George W. Bush. “The whole world is on edge right now. Everyone’s job feels tenuous.”

Security experts and government officials have warned that despite an apparent lack of major cyberattacks on voting systems, the days after the election could still create opportunities for hackers.

Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, described Election Day as the “halftime” mark during a press conference last Tuesday. Gen. Paul Nakasone, director of the National Security Agency, told The Wall Street Journal the same day that his agency would be monitoring the period after the election for possible interference from foreign hackers.

Companies should be on the lookout for election-related threats in the days and weeks to come, said Anthony Ferrante, global head of cybersecurity at FTI Consulting Inc.

“Until the dust settles, organizations would be smart to be extra vigilant when it comes to cyber threats,” said Mr. Ferrante, who was the director for cyber incident response at the U.S. National Security Council from 2015 to 2017. “Just as the pandemic taught us six months ago, such a charged election like we have today is going to introduce additional risk from adversaries, whether foreign or domestic.”

Write to James Rundle at james.rundle@wsj.com


