Security News

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.

The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit. The Zebrocy backdoor, warned the CISA infosec agency, has evolved - and while the agency didn't explicitly link it to Russia, previous research from the private sector made it abundantly clear who the malware's operators are.

As America counts down to the November 3 elections, things are tense for political campaigns. The Republican Party of Wisconsin, a key battleground state which President Trump won in 2016 by less than 1 per cent, has admitted that it lost $2.3m earlier this month to business email deception - where phishing emails harvest credentials and use these to submit fake or altered invoices for services rendered.

While 2020 has brought many challenges, perhaps the most critical from a social perspective is how we have intertwined mobile devices into our daily lives. We've seen a similar tactic used in an ongoing mobile phishing campaign that sends a message purporting to be a missed package delivery with a link to a fake claim page that is a mobile phishing attack.

A recent attack on Tyler Technologies, a software provider for local governments across the US, highlighted the concerns held across the nation and left many to wonder if the software providers in charge of presidential election data might suffer a similar fate. The best defense also integrates cybersecurity and data protection, as removing segmentation streamlines the process of detecting and responding to attacks, while simultaneously recovering systems and data.

An election security report released by Valimail exposed some significant issues with email security which could have the potential to disrupt the 2020 elections. Just 7% of the largest counties' domains are protected, an increase of just 2 percentage points from 2019.Only one of the eight election systems manufacturers certified by the US government is protected from email spoofing.

Hackers seeking to sow chaos in the November 3 election are hard at work - but some experts say they don't need to be successful to have an impact. Simply the perception of breaching election systems could have the same effect of undermining confidence in the outcome and opening the door to discrediting the results.

Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows. The 2016 presidential election was marked by meddling most notably from Russian agents who attempted to influence voters through disinformation on social media and other platforms.

A ransomware attack that hobbled a Georgia county government in early October reportedly disabled a database used to verify voter signatures in the authentication of absentee ballots. According to a report in the Gainesville Times, the attack also disabled the county's voter signature database.

That presents a fresh set of security concerns, which include a lack of transparency over the security measures and voter auditing applied to each type of voting method. The lack of resources needed to adapt and secure the mail-in voting process by the early November election date is has been another cause for concern.