Several county and local election officials are using email systems that could leave them vulnerable to phishing attacks, according to an Area 1 Security report.
Area 1 Security, in partnership with Americans for Cybersecurity, analyzed state and local election administrators’ susceptibility to phishing attacks. According to the report, 53.24% of election administrators use only simple or nonstandard technologies to protect themselves from phishing attacks, while only 18.61% have implemented advanced anti-phishing cybersecurity controls.
A troubling 5.42% of election administrators use personal email addresses or personal email technology for election-related matters too.
According to Area 1 Security, several election administrators independently manage their custom email infrastructure as well.
In an interview with The Wall Street Journal, Area 1 Security CEO Oren Falkowitz explained: “When you run your own service and you don’t partner with someone to professionally manage it, it means you have to be perfect every single day. That’s really hard."
Area 1 Security says it found officials in six small jurisdictions in Michigan, Missouri, Maine and New Hampshire using Exim too. In May, the National Security Agency warned that threat actors linked to the Russian military intelligence agency - the same actors who interfered with previous elections - have targeted the version of Exim these officials are using.
Government agencies nationwide have faced ransomware attacks, many of which began with malicious email messages, security experts told The Wall Street Journal.
At an online conference held by the National Association of Secretaries of State, a top Department of Homeland Security election security official stated malicious software targeting computer systems used by election officials remains an issue.
“We’ll see that ransomware will come and take down the county network, which has an impact on the election network, even though it wasn’t being targeted,” explained Matt Masterson, senior adviser on election security for the Department of Homeland Security. “It may have an impact on, particularly, a local office’s ability to run elections.”
For hackers looking to undermine the upcoming election, underprepared election administrators are an easy target. Election administrators claim security testing and monitoring of election networks is better now than it was in 2016, though. More counties are using paper-ballot voting machines as a backup.
