After a ransomware attack hit a technology vendor that helps provide transparency around elections, many cybersecurity experts are worried about a new avenue of attack on the upcoming elections.
Tyler Technologies, which sells which sells software to state and local governments, announced it was hit with a cyberattack on Sept. 23. The Plano, Texas, company has offered few details, saying the attack is under investigation, but it said the attackers targeted the company’s internal telephone and information technology systems with ransomware.
Cybersecurity experts say election-related vendors should expect more of the same.
“We can expect these attacks to proliferate, which is why IT and security teams supporting the voting infrastructure must be constantly vigilant when monitoring for potential cyberattacks,” Gidi Cohen, CEO of cybersecurity vendor Skybox Security, told the Washington Examiner.
Cohen urged election-related organizations to “go back to the basics” by reviewing their security programs, identifying the most significant risks, and implementing an immediate mitigation plan.
“While investing in larger systems and new technologies will help better fortify our voting infrastructure longer-term, six weeks isn’t enough lead time with so much hanging in the balance,” he added.
Cohen said that the good news is that the United States doesn’t use a centralized national voting and reporting system, making it more difficult for cybercriminals and malicious actors to infiltrate, but he added, “If there are state and local jurisdiction vulnerabilities, there is the potential for widespread impact.”
It’s unclear if the attack on Tyler Technologies was part of the campaign by Russia, China, and other countries to influence the U.S. election. Still, some security experts said the attack fits in with the broader mission to create distrust about the U.S. election system.
“Political campaigns are easy targets with big rewards,” Steve Tcherchian, chief information security officer at XYPRO Technology, a cybersecurity analytics vendor, told the Washington Examiner. “We saw during the 2016 election how an improperly secured home email server can do insurmountable damage to a campaign. It potentially influenced our entire election, thus influencing how policies are set, what priorities are focused on, and how relationships between countries are handled.”
Ransomware could be a useful tool for cyberattackers looking to dispute the election, he added.
“Criminals love panic and chaos,” he said. “They’ll use every opportunity to exploit the situation. There is a lot of damage that can be done to a campaign by ‘ransomwaring’ a PAC or a consulting firm supporting a campaign.”
It’s unclear if there were political motivations in the Tyler Technologies attack. However, some security experts noted that there have been malware attacks on every U.S. election since 2006. Still, in many cases, the attacks are an attempt to influence the outcome, said Elisha Riedlinger, chief operating officer at NeuShield, an anti-ransomware vendor.
But in most cases, ransomware attackers are looking for a quick payday, Riedlinger told the Washington Examiner. She added that ransomware “could serve to restrict access to voting data, increasing the urgency and the likelihood of the attacker getting paid. Ransomware authors don’t care what they disrupt as long as they get paid, and they have already seen that attacking government can be lucrative.”
Election-related organizations, however, are fertile ground for ransomware attackers, said Brandon Hoffman, chief information security officer at cybersecurity vendor Netenrich.
“Ransomware against election-related targets is the perfect combination of a timely, well-funded, data-rich environment that speaks directly to the main motivations of ransomware threat actors,” he told the Washington Examiner. “Not only do these organizations have the money, but they also cannot afford downtime.”
Ransomware attacks on election organizations could lead to both financial gain and further a political agenda, he added. Such attacks would be “the perfect storm fitting both agendas,” he said. “Damaging reputations, getting paid the ransom, and accessing data about the campaigns or candidates themselves creates a triple incentive for threat actors.”
