Decrypt LOL

Trustwave Research Identifies Risks to U.S. Election System


Quick take - Trustwave SpiderLabs conducted a research project to assess risks to the U.S. election system ahead of the November 2024 Presidential Election. It found no significant threats, but it identified vulnerabilities and cyberattack patterns, particularly from advanced persistent threat groups, and emphasized the need for enhanced security measures.

Fast Facts

  • Trustwave SpiderLabs conducted research on U.S. election system vulnerabilities ahead of the November 2024 Presidential Election, finding no significant risks that could impact the election process.
  • The investigation focused on threats like SolarWinds and the sale of voter details on the Dark Web, revealing global interest from foreign governments and cybercriminals, including advanced persistent threat (APT) groups.
  • A honeypot website was established to attract and analyze cyberattacks, utilizing three servers to log traffic and monitor attacker behavior, with Brazil identified as a primary source of attacks.
  • Commonly exploited vulnerabilities included CVE-2017-9841, CVE-2019-17558, CVE-2022-41040, and CVE-2014-2120, with reconnaissance tools like Zgrab2 and Masscan frequently used by attackers.
  • Recommendations for enhancing election security include using strong passwords, disabling default usernames, applying security patches promptly, and monitoring dark web activity for potential threats.

Trustwave SpiderLabs Research on U.S. Election Security

Trustwave SpiderLabs has recently completed a comprehensive research project focused on identifying potential risks and threats to the U.S. election system in anticipation of the upcoming November 2024 Presidential Election. The research did not uncover any information that could significantly impact the election process, and Trustwave confirmed that any noteworthy findings would have been reported to the relevant authorities.

Focus on Election Infrastructure Vulnerabilities

The primary focus of the research was on vulnerabilities within the election infrastructure. The investigation examined issues related to well-known threats such as SolarWinds, the Facebook malware Ov3r_Stealer, and the illicit sale of voter details on the Dark Web. To enhance monitoring and defense mechanisms, Trustwave established a honeypot website designed to attract and analyze cyberattacks targeting the election system. This honeypot initiative utilized three servers: one main web server and two additional servers dedicated to logging traffic and monitoring various attacks. The honeypot served as an observatory for potential threats, collecting data on attacker behavior and tactics.

Global Threat Landscape

The research highlighted the global interest in U.S. elections from foreign governments and cybercriminals alike. Advanced persistent threat (APT) groups were identified as key actors seeking to exploit vulnerabilities. These groups include Fancy Bear (APT28), APT41 from China, and OilRig (APT34) from the Middle East. Their motivations include sowing chaos, undermining public confidence in democracy, and influencing U.S. foreign policy. The honeypot revealed a global distribution of attack origins, with Brazil noted as a primary source of attacks in South America, suggesting elevated levels of malicious activity from the region.

The analysis indicated heightened activity levels for web protocols, particularly during mid-July and late September. The types of attacks observed included reconnaissance efforts and exploitation attempts, with four common vulnerabilities (CVEs) frequently exploited: CVE-2017-9841, CVE-2019-17558, CVE-2022-41040, and CVE-2014-2120.
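For defenders who run a similar honeypot, the following added example (not code from Trustwave or from the original article) shows how web access-log lines can be triaged into reconnaissance and exploitation attempts for the scanners and CVEs named above. The User-Agent substrings and request-path patterns are assumptions based on publicly documented indicators, not values from the report, and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed indicators (publicly documented, not from the report), matched lowercase.
SCANNER_UA = {"zgrab": "Zgrab2", "masscan": "Masscan"}
CVE_TARGET = [
    ("CVE-2017-9841", re.compile(r"phpunit/.*eval-stdin\.php")),
    ("CVE-2019-17558", re.compile(r"/solr/.*wt=velocity")),
    ("CVE-2022-41040", re.compile(r"/autodiscover/autodiscover\.json.*powershell")),
    ("CVE-2014-2120", re.compile(r"/\+cscoe\+/logon\.html")),
]

def classify(line):
    """Return (ip, sorted tags) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ua = m["ua"].lower()
    target = unquote(m["target"]).lower()  # decode %2B etc. before matching
    tags = {f"recon:{name}" for key, name in SCANNER_UA.items() if key in ua}
    tags |= {f"exploit-attempt:{cve}" for cve, rx in CVE_TARGET if rx.search(target)}
    return m["ip"], sorted(tags) or ["unclassified"]

def summarize(lines):
    """Count tags over all lines; unparseable lines count as 'unparsed'."""
    results = (classify(line) for line in lines)
    return Counter(t for r in results for t in (r[1] if r else ["unparsed"]))

# Constructed sample lines using documentation IP ranges, not real honeypot data.
TS = "[15/Jul/2024:10:00:01 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 zgrab/0.x"',
    f'203.0.113.9 - - {TS} "GET / HTTP/1.0" 200 512 "-" "masscan/1.3"',
    f'192.0.2.44 - - {TS} "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 0 "-" "curl/8.0"',
    f'192.0.2.45 - - {TS} "GET /solr/demo/select?q=1&wt=velocity HTTP/1.1" 404 0 "-" "curl/8.0"',
    f'192.0.2.46 - - {TS} "GET /%2BCSCOE%2B/logon.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 zgrab/0.x"',
    f'192.0.2.47 - - {TS} "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11)"',
    "truncated or malformed line",
]

if __name__ == "__main__":
    print(sorted(summarize(SAMPLE).items()))
```

A match on these patterns marks a request for review; it does not show that the target was vulnerable or that the attempt succeeded.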

Recommendations for Enhanced Security

To bolster security measures, recommendations include the adoption of strong passwords, disabling default usernames, and promptly applying security patches. Monitoring dark web activity may also provide valuable insights into potential threats and vulnerabilities. The findings from this honeypot initiative underscore the ongoing risks to election infrastructure and highlight the critical importance of proactive security measures in safeguarding the electoral process.
