With the 2020 presidential election looming just around the corner, concerns about election campaign interference are reaching an all-time high. Malicious actors are constantly evolving and cyber attacks are becoming more sophisticated -- which means that electoral campaigns in the U.S. may be more vulnerable than ever.
Political candidates are popular targets for cyber mischief, and taking the time to safeguard against attack is well worth the effort if another Podesta-style email scandal is to be avoided. If you don’t recall, John Podesta, Hilary Clinton’s campaign chair during the 2016 presidential election campaign, was hacked via a spear-phishing attack. While spear-phishing is one method to gain criminal access to a person’s device, there are many ways malicious actors can seek to disrupt a political campaign. Election hacking or campaign interference is a bi-partisan concern, and practicing good cyber hygiene can help reduce the cyber security risk.
Election hacking, campaign interference, and cybersecurity barriers
While there are many ways in which an election can be hacked, focusing on endpoint hardening and patch management can help minimize attack surfaces and reduce the impact of potential exploits.
Election campaigns are often running on limited funds and a tight budget, which leaves little room for expensive cybersecurity tools -- even though they may be necessary. A lack of expertise regarding good cyber hygiene practices and how to organize an effective cybersecurity strategy further encumbers the efforts of election campaigns. State and local governments often struggle with similar issues regarding budget constraints and limited expertise.
The non-profit organization, Defend Digital Campaigns (DDC), is dedicated to providing election campaigns with cybersecurity products and services at no-to-low cost and removing the barriers between election campaigns and effective cybersecurity. DDC works with cyber security vendors to provide access to these services during the duration of a campaign.
Election hacking: Vulnerable systems put elections in jeopardy
Earlier in 2020, forensic evidence revealed an election server in Georgia had been victimized by an attacker exploiting Shellshock, a critical remote code execution vulnerability. According to the report, the server had been hacked well before the 2016 and 2018 elections -- but, after a necessary patch for the vulnerability had been released. The electoral server was also unpatched against another critical cyber vulnerability. This finding highlights the importance of maintaining an effective patching strategy and showcases how easy it really is to compromise an election if basic cyber hygiene standards aren’t being met.
Shellshock was first disclosed in 2014, and the vulnerability is notoriously easy to exploit. Between that and the fact that it gives attackers the ability to run remote code and can be used to exploit Linux and Unix systems, Shellshock made itself extremely attractive to malicious actors. One (or some) of those bad actors were able to use Shellshock to victimize an electoral server located at the Center for Election Systems at Kennesaw State University -- the same group responsible for programming election machines across the entire state of Georgia.
While a patch for Shellshock was released in 2014, the electoral server at the Center for Election Systems (CES) went unpatched for three months. Based on the forensic data, a cyber security expert says that the attacker who exploited the server patched for Shellshock after gaining access to the system. Patching the vulnerability you just exploited is a common practice for malicious actors; it prevents other bad actors from using the same point of entry.
There have been countless indications that the U.S. electoral system is vulnerable to attack. Cybersecurity experts have long suspected that many of America’s election systems are not properly secured.
Unsecured endpoints are prime targets for election hacking and interference
Endpoints are a common target for attackers, no matter what kind of damage they’re looking to cause. And when it comes to electoral systems, unsecured endpoints are a major threat.
In Venango County, Pennsylvania, security experts found that remote access software had been installed on the election management computer located in the county’s office. The team determined that the software was being used by an authorized contractor --- but the risk to Venango County’s electoral process was obvious. This remote access software could have opened the door for attackers to compromise the election management computer. Election systems are supposed to be “air-gapped,” or disconnected from the internet and other machines that might be connected to the internet.
Remote access software on a key device for an electoral voting system is a major problem. If a contractor is working from their home computer, and this personal device is compromised, it could ultimately compromise the entire electoral system. A malicious actor could seize control of the personal device and use the software to gain entry into the county’s electoral system.
While Venango County is no longer using remote access software, the fact remains that other municipalities around the country could very well be putting their electoral systems at risk, too. Endpoints can be compromised in a variety of ways that can ultimately lead to election interference. Better endpoint security measures can help safeguard the integrity of the electoral process.
Why election campaigns need endpoint security
It’s not just the electoral process itself that is vulnerable to attack: Election campaigns on both sides of the aisle are popular targets for malicious actors.
Election campaigns tend to expand quickly, adopting new members left and right. And in most cases, those new people are depending on their own personal devices to get work done. There is a litany of unscrubbed laptops, tablet and cell phones that probably haven’t been updated in a while, all connecting to the same network. And, there’s no time to really give these workers proper training regarding cybersecurity. Phishing emails gave us the Podesta email scandal during the 2016 election, and they’re still just as popular as ever. Phishing emails are cheap and they make it easy to target a large pool of people. And the attacker only needs one person to make a mistake one time to be successful.
Securing endpoints and safeguarding vulnerable campaign systems against potential threats is a must in today’s digital landscape. Endpoints include any and all end-user devices that are connected to a system; laptops, desktops, and tablets are all examples of endpoints.
Endpoint hardening is a key element of endpoint security. There are many steps campaigns can take to harden their endpoints:
- Create an inventory of endpoints
- Achieve full endpoint visibility
- Employ an effective and efficient patch management strategy
- Limit user privileges and accessibility
- Segment systems as necessary
Without an inventory, there is no way to track which endpoints have been secured and which ones haven’t -- or what’s even on your network. Having full visibility over endpoints allows users to see what endpoints are on their network and which ones need to be updated. Creating a regular patching routine and employing an effective patch management strategy is another critical element for hardening endpoints. Patching regularly helps to minimize your attack surface and keep attackers at bay. Limiting user privileges and taking the proper steps to segment and secure critical infrastructure is also key to keeping your endpoints secure -- and to minimize the effects of any potential breaches.
Cloud-based patch management for preventing election interference
For an election campaign looking to secure their systems, cloud-based patch management is ideal. It gives users the freedom to patch virtually any device on the network, regardless of what operating system it’s running or where the device is located. Campaign members often rely on personal devices for getting work done, and without a reliable patch management platform that’s scalable and adaptable, these devices can pose a significant security risk.
Cloud-based patch management is a novel solution to a modern problem. While legacy patch management options often leave IT staff scrambling to stay on top of new devices, programs and patch updates, cloud-based patch management software like Automox streamlines the process of patch management from start to finish.
Automox’s cloud-based platform can be installed on virtually any device on your network and can be used to create a complete inventory of all endpoints, regardless of their location. Automated patching solutions make the process of deploying patches and monitoring patch status less complicated -- and modern platforms like Automox make it possible to patch for different operating systems and third party applications from a single interface.
From election campaigns to the election machines themselves, there is no shortage of ways in which attackers can seek to meddle in U.S. elections. Performing regular security updates and employing an effective patch management strategy is one of the best ways to mitigate these risks. Patching is crucial to minimizing the attack surface of a network, regardless of whether that network belongs to a Fortune 500 company or a local political campaign.
With modern patching solutions like Automox, election campaigns can keep every device on their network up to date with the latest security fixes, and much more.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.