On March 29, the FBI warned of an ongoing and wide spread phishing campaign targeting US election officials. Using false invoice queries and compromised email accounts, attackers have attempted to steal the credentials of officials in at least nine states since October 2021.
The FBI said in its Private Industry Alert. “If successful, this operation could provide cyber actors with persistent, undetected access to the victims system.”
More themed form of scam
On October 5, 2021, unknown threat actors sent phishing emails targeting US election officials and representatives of the National Association of Secretaries of America (NASS). These emails come from at least two separate email addresses. Attached to the emails is a file titled INVOICE INQUIRY.PDF. Malicious files led email recipients to a credential harvesting website. One of the phishing email addresses discovered was that the email account of a US government official was compromised.
Similar incidents occurred on October 18 and 19 using email addresses believed to be from private US businesses. These attacks targeted county election workers and election officials. The malicious emails contained Microsoft Word documents styled to look like invoices. These attacks also direct targeted users to credential harvesting websites.
All incidents occurred within a short period of time with the same scam. So it’s likely that the attacks came from the same source.
Physical damage is unclear
The FBI warning did not specify whether any systems or data were compromised as a result of these incidents. However, the FBI predicts these types of attacks could continue or increase ahead of the 2022 midterm elections.
NASS is the oldest nonpartisan professional organization of public officials in the United States, comprised of the secretaries of the states and territories of the United States. NASS addresses issues of concern to secretaries of states, such as voter turnout, voting procedures, business services, securities, and government records.
In an email, Maria Benson, director of communications for NASS, stated, “NASS staff did not click on the email attachment in question and as a result there was no problem.”
Meanwhile, there have been no reports of other election officials’ offices having their credentials stolen or otherwise compromised.
FBI Anti-Fraud Recommendations
In the warning, the FBI mentioned how to minimize the risk of being compromised. Some ways to prevent phishing attacks include:
• Train employees on how to detect phishing, social engineering, and impersonation attacks
• Advise employees to be cautious when providing sensitive information such as credentials electronically or over the phone, especially if unsolicited or odd requests
• Create protocols to alert IT about suspicious emails
• Mark external emails with a banner indicating the email came from an external source
• Add a spam filter to prevent phishing emails from reaching end users. Filter emails containing executable files to reach end users.
• Advise trained staff not to open email attachments from unknown senders
• Require all accounts to have strong, unique passwords. Do not reuse passwords or save password information on systems that the opponent can access.
• Require multi-factor authentication for all services to the extent possible, especially for webmail, virtual private networks, and accounts accessing critical systems
• In case of system or network compromise, make required passphrase changes for all affected accounts
• Keep all operating systems and software updated with timely patches.
Currently, there are no reports of US election officials facing compromise because of this emerging attack strategy. As we get closer to the midterm elections, security agents will no doubt be on high alert.
Vina Aspire is a consulting company, providing IT solutions and services, network security, information security & safety in Vietnam. Vina Aspire’s team includes skilled, qualified, experienced and reputable experts and collaborators, along with major domestic and foreign investors and partners to join hands in building.
Businesses and organizations wishing to contact Vina Aspire Company with the following information:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin
