Check Point Research reveals spike in malicious domains cyber threats ahead of 2020 US elections

Check Point Research is conducting an ongoing study into cyber threats in the run-up to the 2020 US elections. Initial findings of the study show surges in the number of malicious domains related to the election. Furthermore, researchers at CPR have outlined their top 6 attack scenarios to most watch out for leading up to election-day.

Check Point researchers conducted a study on election-related domains between the months of June and October 2020. Compared to other domains registered during this time period, election-related domains have a 56% higher chance of being malicious. Since the middle of August until now, Check Point researchers documented an average of 1,545 new election-related domains registered each week, presenting a 24% increase from previous months. In the month of September, 16% of all election-related domains were found to be malicious.

Spike in Malicious Election-related Domains

The upcoming Presidential Election has already been marked by storms of controversy over misleading claims"

Oded Vanunu, Check Point’s Head of Products Vulnerabilities Research said:  “The upcoming Presidential Election has already been marked by storms of controversy over misleading claims and the potential for vote-tampering. Now threat actors are ramping up their efforts to manipulate the results and cause additional disruption, by creating fake election-related websites with the aim of spreading false news and propaganda, or of stealing users’ details. With just 20 days to go until election day on 3rd November, we urge people to double-check the election-related resources they visit online to ensure they are genuine and trustworthy, and to avoid the risk of having their personal data phished.”

Check Point also outline the top 6 possible election cyber-attack scenarios:

DDoS on the US Postal Service

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

The postal service consists of conveyors, sorters, scanners, servers and databases that would have to function together to allow millions of voters to exercise their right to vote. This digital system, unfortunately, could be a target for cyber-attacks. A denial of service attack on postal branches in various states could result in significant delays in the delivery of votes to the relevant authorities for tabulation, as well as lead to questions about the integrity of the results and erode public confidence in the democratic process.

Prevention: It is critical that the national cyber authorities implement DDoS mitigation solutions that have the capabilities to protect and prevent such destructive attacks. Such protection must secure the infrastructure of the service, and have the ability to automatically detect and mitigate known and zero-day DoS/DDoS attacks in real-time.

Fake News becomes a Central Attack Vector

The claim of ‘fake news!’ surrounding contentious issues has become a new attack vector over the past four years

The claim of ‘fake news!’ surrounding contentious issues has become a new attack vector over the past four years without people really understanding its full impact.

Following the 2016 election, U.S. officials accused foreign actors of trying to influence the elections through the spread of false information, fabricated news items, and misleading data aimed at shifting public opinion in favour of the candidate of their choice.

Prevention: Beware of content one engages with. Look out for and check links one receives. Use info from trustworthy sources. Don’t open emails from unknown sources.

Attacks on the Communication of the Result

One memorable attack impacting the election result-publication systems occurred in the 2014 Ukrainian elections, when government experts detected and removed malware designed to change the vote results that were supposed to be presented.

The malware had been designed to portray the ultra-nationalist, right-wing party leader Dmytro Yarosh as the winner with 37 percent of the votes instead of the 1 percent that he actually received. Although the malware was removed and the correct results were presented on the CEC website, Russian Channel One incorrectly reported that Yarosh was leading with 37 percent of the votes and displayed a screenshot from the CEC showing these fake results.

This can be simply overcome by establishing alternative communication channels with public media and press agencies.

Meme Warfare

"Meme camouflage" aims to defeat the algorithm of social media by flooding it with memes

"Meme camouflage" aims to defeat the algorithm of social media by flooding it with memes that spread the desired messages. Meme channels, such as "Meme ware 2020 #9" and "Election win memes" are channels that were built with the target of flooding social media platforms on the night of the elections, even if the results have been tallied.

The actual "game plan" of such channels is to bypass the way social media deletes messages - by simply flooding hundreds of them and get at least some of them stay online undetected by social media admins. This is very likely to happen on election night itself.

Prevention: National cyber authorities must make sure their result publication systems contain malware defence that include layers of safeguards, including continuous network scans. Today's next generation firewalls can protect against viruses, worms, Trojans, spyware and ransomware, and have the ability to identify and completely block malware before they enter the network and inflict damage.

Leaking Documents Snatched from the Opponent Document

During the 2016 elections, hackers affiliated with foreign actors infiltrated the information systems of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and Clinton campaign officials, notably chairman John Podesta, and publicly released stolen files and emails through WikiLeaks, among other outlets, during the election campaign.

Russian government officials have denied involvement in any of the hacks or leaks creating frequent negative news cycles. On the other side of the political map, the RNC (Republican National Committee) was not immune to such attacks, on January 10, 2017, it was revealed by the FBI that Russia succeeded in "collecting some information from Republican-affiliated targets but did not leak it to the public.

Prevention: To avoid data breaches, passwords should be maintained on all accounts, enforce password policies within the organisation, enforce information security awareness and education, use authentication and endpoint security on which data is stored.

Malicious election-related domains

As the FBI recently warned, “Spoofed domains and email accounts are leveraged by foreign actors and cybercriminals and can be easily mistaken for legitimate websites or emails. Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses.” 

Prevention:

1. Check for authentic URLs. Verify one using a URL from an authentic website. One way to do this is NOT to click on links in emails, and instead click on the link from the Google results page after searching for it.
2. Watch for shortened links. Often, hackers will abridge a url once one clicks, fooling a person into thinking they are clicking through to something legitimate. Furthermore, beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.