Late-game election security: What to watch and watch out for

Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.


As we head into the final inning of what has been a dramatic US presidential election season, it’s clear the country has so far been spared the kind of high-stakes hacking and disinformation campaigns that marred the 2016 election. Still, US intel and cyber defense organizations are on the lookout for last-minute ransomware attacks and have been joined by their private sector counterparts while social media companies appear to be clamping down on disinformation efforts.

The most striking evidence that the US may be better prepared than it was in 2016 is the extraordinary actions taken by US Cyber Command (CyberCom) to meddle with the Russian-language Trickbot botnet network, used to deliver malware, including ransomware, and frequently exploited by Russian military intelligence for plausible deniability. Following a scoop by journalist Brian Krebs that an unknown actor was meddling with Trickbot, news leaked over the weekend that CyberCom was the meddler.

CyberCom’s goal was to thwart any possible ransomware attacks on selected or strategically important jurisdictions. The military cyber arm might have also been pushed into action by a Trickbot-enabled ransomware attack on top healthcare provider Universal Health Services (UHS), which was forced to shutter digital operations when 400 of its computer systems were locked up by Ryuk ransomware.

CyberCom was not the only party messing with the Trickbot outfit, though. Another parallel but coincidental effort to dismantle Trickbot was underway by an international coalition of telecom providers and tech organizations led by Microsoft. Tom Burt, vice president of consumer security and trust at the software giant, offered details of this Trickbot take-down attempt in a blog post in which he reiterated that “ransomware is one of the largest threats to the upcoming elections.”

Microsoft and its partners pursued a legal approach to get at the Trickbot organization, successfully arguing in the US District Court for the Eastern District of Virginia that many of the internet servers used by Trickbot abuse the company’s trademarks. The court granted Microsoft’s requests to shut down those servers.
