Election Cybersecurity: Preparing for the 2020 U.S. Elections.

At Cloudflare, our mission is to help build a better Internet. As we look to the upcoming 2020 U.S. elections, we are reminded that having the Internet be trusted, secure, reliable, and accessible for campaigns and citizens alike is critical to our democracy. We rely on the Internet to share and discover pertinent information such as how to register to vote, find polling locations, or learn more about candidates.

Due to the spread of COVID-19, we are seeing a number of election environments shift online, to varying degrees, with political parties conducting virtual fundraisers, campaigns moving town halls to online platforms and election officials using online forms to facilitate voting by mail. As the 2020 U.S. elections approach, we want to ensure that players in the election space have the tools they need to stay online to promote trust and confidence in the democratic system.

We’re keeping an eye on how this shift to online activities affects cyberattacks. From April to June 2020, for example, we saw a trend of increasing DDoS attacks, with double the number of L3/4 attacks observed over our network compared to the first three months of 2020. In the election space, we are tracking trends and vulnerabilities to better understand the threats against these critical players. Our goal is to use this information to create best practices for election and campaign officials so they can be better prepared for the upcoming elections.

Key Takeaways:

  • When comparing the types of attacks against campaigns and government election sites, we saw the inverse pattern: political campaigns experienced more DDoS attacks, while government sites experienced more attempts to exploit security vulnerabilities.
  • On average, state and local government election sites experience 122,475 cyber threats per day with an average of 199 SQL injection attempts per day.
  • On average, political campaigns experience 4,949 cyber threats per day, although larger campaigns may see far more.

#athenian project #election security #elections #security

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs


Ron Cartwright

1602968400

Election Systems Under Attack via Microsoft Zerologon Exploits

U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.

Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory warning of further attacks.

The advisory details how attackers are chaining together various vulnerabilities and exploits – including using VPN vulnerabilities to gain initial access and then Zerologon as a post-exploitation method – to compromise government networks.

“This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal and territorial (SLTT) government networks,” according to the security advisory. “Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.”

With the U.S. November presidential elections around the corner – and cybercriminal activity subsequently ramping up to target election infrastructure and presidential campaigns – election security is top of mind. While the CISA and FBI’s advisory did not detail what type of elections systems were targeted, it did note that there is no evidence to support that the “integrity of elections data has been compromised.”

Microsoft released a patch for the Zerologon vulnerability as part of its August 11, 2020 Patch Tuesday security updates. Exploiting the bug allows an unauthenticated attacker, with network access to a domain controller, to completely compromise all Active Directory identity services, according to Microsoft.

Despite a patch being issued, many companies have not yet applied the patches to their systems – and cybercriminals are taking advantage of that in a recent slew of government-targeted attacks.

The CISA and FBI warned that various APT actors are commonly using a Fortinet vulnerability to gain initial access to companies. That flaw (CVE-2018-13379) is a path-traversal glitch in Fortinet’s FortiOS Secure Socket Layer (SSL) virtual private network (VPN) solution. While the flaw was patched in April 2019, exploitation details were publicized in August 2019, opening the door for attackers to exploit the error.

Other initial vulnerabilities being targeted in the attacks include ones in Citrix NetScaler (CVE-2019-19781), MobileIron (CVE-2020-15505), Pulse Secure (CVE-2019-11510), Palo Alto Networks (CVE-2020-2021) and F5 BIG-IP (CVE-2020-5902).

After exploiting an initial flaw, attackers are then leveraging the Zerologon flaw to escalate privileges, researchers said. They then use legitimate credentials to log in via VPN or remote-access services, in order to maintain persistence.

#critical infrastructure #vulnerabilities #web security #alert #apts #chaining #cisa #citrix netscaler #cve-2018-13379 #cve-2019-11510 #cve-2019-19781 #cve-2020-1472 #cve-2020-15505 #cve-2020-2021 #cve-2020-5902 #election security #election systems #exploit chain #f5 big-ip #fbi #government attacks #microsoft #mobileiron #palo alto networks #pulse secure #vpn #warning #zerologon

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy

Cybercriminals are tapping into this week’s political frenzy with a new phishing lure that warns U.S. targets that their voter registration data needs extra details.

The emails purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. Utilizing this organization as a sender shows that cybercriminals are tapping into the vast database of U.S. citizens who are preparing to vote in the U.S. presidential election, which is right around the corner.

The email contains a URL, which leads to a spoofed web page that steals a variety of targets’ personal data, including name, date of birth, mailing address, email address, Social Security number and driver’s license data.

“Whatever the intent behind this particular phishing attack, it should serve as a reminder that human beings — users, employees, citizens and voters — are ‘soft targets’ for malicious actors,” said Eric Howes with KnowBe4, in a Friday analysis. “This is especially true in turbulent times such as the present — when fear, confusion and doubt are surging in the run-up to a historic election that just happens to fall in the middle of a catastrophic pandemic.”

The email’s subject line says “voter registration application details couldnt be confirmed,” and the body of the email tells users: “Your Arizona voter’s registration application submitted has been reviewed by your County Clerk and some few details couldnt be comfirmed” (note the lack of capitalization and the spelling and grammar errors, which are a tip-off that the email is malicious).

The email then asks recipients to reconfirm their details to allow for processing, saying it could take up to two days to reflect in the system, and points to a URL.

“The social-engineering tactic being used here is a classic one in which email recipients are told of a problem with one of their accounts (usually a bank account) and are then offered a link to fix or redress the problem,” said researchers.

Though the email pretends to come from the U.S. Election Assistance Commission, the link in the email sends users to a web page that spoofs ServiceArizona, which is part of the state government of Arizona. The page includes images pulled directly from the state’s official site.

“Arizona, it should be noted, is considered a potentially important swing state in the upcoming U.S. presidential election,” said researchers. “The state also happens to be hosting a hotly contested election for one of the state’s two U.S. Senate seats.”

However, it should be noted that the phishing email reported to KnowBe4 was submitted by a target in Wisconsin – who wouldn’t submit a voter registration application in Arizona – another potential error on the side of the cybercriminals.

“Curiously, the copy of the email we received was submitted by a customer in Kenosha County, WI — a locality that has been in the news recently due to widely reported civil unrest in the area,” said researchers. “Moreover, like Arizona, Wisconsin is expected to play an important role in the upcoming election.”

#vulnerabilities #web security #arizona voters #biden #covid-19 #cyberattack #phishing attack #phishing emails #trump #u.s. election assistance commission #us elections #us government #vote #voter registration

Shawn Durgan

1597068204

Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.

Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according to research released at the DEF CON Safe Mode security conference Friday.

The flaws open up handsets made by Google, Samsung, LG, Xiaomi and OnePlus to DoS and escalation-of-privileges attacks – ultimately giving hackers control of targeted handsets. Slava Makkaveev, a security researcher with Check Point, outlined his discovery and said that while Qualcomm has provided patches for the bugs, most OEM handset makers have not yet pushed out the patches.


The faulty Qualcomm component is the mobile chip giant’s Snapdragon SoC and the Hexagon architecture. Hexagon is the brand name for Qualcomm’s digital signal processor (DSP), part of the SoC’s microarchitecture. The DSP handles the processing of real-time requests between the Android user environment and the Snapdragon processor’s firmware, and is in charge of turning voice, video and services such as GPS location sensors into computationally actionable data.

Makkaveev said the DSP flaws can be used to harvest photos, videos, call recordings, real-time microphone data, and GPS and location data. A hacker could also cripple a targeted phone or implant malware that would go undetected.

The six flaws are CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209. Using a fuzzing technique against handsets with the vulnerable chipset, Check Point was able to identify 400 discrete attacks.

The prerequisite for exploiting the vulnerabilities is the target would need to be coaxed into downloading and running a rogue executable.

Qualcomm declined to answer specific questions regarding the bugs and instead issued a statement:

“Providing technologies that support robust security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.” – Qualcomm Spokesperson

The flaws were brought to Qualcomm’s attention between February and March, and Qualcomm developed patches in July. A cursory review of the vulnerabilities patched in the July and August Google Android Security Bulletins reveals that the patches have not yet been pushed to handsets. For that reason, Check Point chose not to reveal technical specifics of the flaws.

The technical details that are available can be found in a DEF CON Safe Mode video posted online, in which Makkaveev shares some technical specifics.

#hacks #mobile security #vulnerabilities #cve-2020-11201 #cve-2020-11202 #cve-2020-11206 #cve-2020-11207 #cve-2020-11208 #cve-2020-11209 #def con safe mode #digital signal processor #dos #dsp #escalation of privileges attack #google #hexagon architecture #lg #oneplus #qualcomm #samsung #snapdragon #soc #xiaomi