Last week, I took a deep dive on U.S. election-related topics, including the government’s response to potential cyber threats, the issue of malspam during the election, and whether or not nation-state attacks had a meaningful impact on the election.
Here are the five key lessons learned from all of this.
It’s not always DDoS.
While many other countries experienced DDoS attacks during their election processes in 2020, the United States did not suffer any major service outages due to Denial of Service attacks, at least none that were publicly reported.
But this is not a reason to become dismissive about election-related DDoS attacks. In the run-up to the election in the United States, Google’s Threat Analysis Group (TAG) disclosed that the world’s largest DDoS attack, 2.5 Tbps, had been launched back in 2017. The disclosure was made to raise public awareness that nation-state actors are increasing their ability to launch large-scale Denial of Service attacks.
Sometimes you prepare for the wrong things.
This year during the run-up to the presidential election in the United States, many people were so consumed by the possibility of foreign election interference and mis/disinformation that they missed the growing threat in their own backyard. As a result, many domestic social media accounts were found to be propagating mis/disinformation in an attempt to interfere with the election or cast doubt on its legitimacy.
Malspam during an election can go both ways.
Malspam is one of the most common and problematic attack vectors currently plaguing the threat landscape. Threat actors and campaigns range from opportunistic, for-profit cybercriminals trying to make a buck off current events to politically driven actors. This year during the election we saw the opportunists behind Emotet, TA542, use political-themed lures to maximize their impact, while the operators behind Trickbot found themselves mitigating an offensive operation from both the public and private sector because of the threat they posed.
Attribution is a slippery slope.
During this election, we saw the United States government attribute an Iranian campaign within two days of the attack and, in turn, respond by launching an offensive military cyber operation. While the discussion around attribution is a slippery slope, this was a rare public move by the US government to quickly counter a growing threat. This operation, however, does open up the conversation about the use and effectiveness of offensive ‘hack back’ campaigns. At the moment it appears that this operation, conducted by U.S. Cyber Command, put the attackers in a defensive and reactive position you rarely see them in, given the ‘observe and report’ nature of current cybersecurity practices.
Controlling public speech will backfire. Every time.
As we saw during the election, censoring and labeling dis/misinformation did nothing to stop its spread. In fact, redacted information generally piques human curiosity. Naturally, people are going to seek out the unknown, respond to it emotionally, and spread said content. Misinformation at the end of the day is like a Chinese finger trap: the more attention you give it and the more you pull on it, the tighter the situation gets. By giving attention to dis/misinformation, we inherently helped spread it.