With the 2022 election season around the corner, campaigns of all sizes need to be prepared for a widened set of potential cybersecurity risks, experts say.
“A risk that I am most fearful of is the growing trend of ransomware attacks,” said Ethan Chumley, senior security strategist for critical institutions for Microsoft, at a 2022 RSA Conference panel Wednesday.
Chumley says that while so far the threat hasn’t been a big issue for the industry, the spike in attacks globally should put campaigns on guard.
That isn’t the only evolving threat campaigns face. Grace Hoyt, who runs Google’s account security partnerships, pointed to the growing threat of surveillance-for-hire technology such as spyware from companies like the NSO Group. Security researchers have already identified such campaigns on a global stage, including elections in Poland and Mexico.
Still, the top threat for campaigns remains phishing attacks like the one that allowed Russian hackers to access the email account of Hilary Clinton’s 2016 campaign chairman John Podesta. Chumley says that Microsoft has observed attackers targeting not just candidates’ and staff’s personal emails, but also targeting their families and inner circles.
Those kinds of threats aren’t ones most campaigns have to think about when it comes to cybersecurity, said Alissa Starzak, global head of public policy at Cloudflare. “A unique thing about the campaign risk space is, it’s personal,” said Starzak.
While there haven’t been any public reports of a significant ransomware attack against a campaign, the 2020 election showed that cybercriminals aren’t shy in going after election infrastructure directly. Cybercriminals disrupted the election infrastructure of a Georgia county just weeks before the 2020 election.
The intelligence community is also preparing for a more evolved set of cybercrime threats.
“The threat landscape, I believe is more complicated, more dynamic, and so it will require the full force of all the resources [we have] … It is something that I think is going to be a challenge,” CISA director Jen Easterly said at a media roundtable Tuesday.
Tim Starks contributed to this story.