Malicious cyber actors have been known to use sophisticated phishing operations to target political parties and campaigns, think tanks, civic organizations, and associated individuals. Email systems are the preferred vector for initiating malicious cyber operations. Recent reporting shows 32 percent of breaches involve phishing attacks, and 78 percent of cyber-espionage incidents are enabled by phishing.
Cyber actors launching phishing attacks often seek to entice users to do one of three things.
- Click on a link and turn over credentials (username and password), so the cyber actor can gain access to an account.
- Open an attachment or click a link that delivers the cyber actor’s malware.
- Click a link to a website that the cyber actor monitors; this verifies that the email account is valid for subsequent targeting.
Cyber actors can also use credential-based techniques to gain access to accounts in various ways.
- Password spraying attacks rely on cyber attackers using a commonly used password against multiple usernames.
- Brute-force attacks rely on cyber attackers knowing the username and attempting several passwords.
- Credential stuffing attacks rely on cyber attackers using usernames and password combinations gained from data breaches against other accounts.
To protect against these attacks, the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations involved in any election-related activities prioritize the protection of accounts from email-based attacks by:
- Using provider-offered protections, if utilizing cloud email.
- Securing user accounts on high value services.
- Implementing email authentication and other best practices.
- Securing email gateway capabilities.
