How Malware and Spam Groups Exploited the U.S. Election

November 18, 2016

Cybersecurity, or lack thereof, was a hallmark of the 2016 election season. With Clinton’s campaign chairman, John Podesta, being chief among the targets of cyber attackers. In March of this year, Podesta fell victim to the oldest trick in the book – phishing – which led to the subsequent hacking and Wikileaks-led disclosure of hundreds of thousands of emails.

Email phishing scams are used by cybercriminals to spread ransomware and gain access to sensitive data, and they are on the rise. Phishing works when criminals send out spam emails. Each email appears to come from a trusted company, in Podesta’s case, Google. The email directs the reader to a spoof page where they are then asked to provide confidential information such as a password, social security number, etc.

But Podesta wasn’t the only target of bogus emails, a total of 108 email addresses in the Clinton camp were targeted in the same month, with at least 20 of those password-change request links being clicked on by unsuspecting campaign staffers.

Phishing is on the rise, not just in election season either. According to the 2016 Symantec Internet Threat Report, phishing targeting employees increased 55% last year alone.

Spam, the vehicle for phishing, also shot up during the election. Symantec reportedly blocked eight million spam emails relating specifically to election events and peaked as polling day got closer.

“The trend reflects one of the tactics most commonly used by spam groups. Emails concerning current events are more likely to get the attention of recipients, so are more likely to be opened” wrote the Symantec Security Response Team in mid-October.

Common tactics included using the names of candidates to lure people to open emails with malicious attachments. Subject lines that Symantec tracked include: “Donald Trump’s Secret Letter” and “Donald Trump Revealed” both containing .zip files that claimed to reveal private emails and images of Trump engaged in indecent acts. On the Clinton side, Symantec reported that it discovered an email in August purporting to show a video of Clinton with an ISIS leader.

Malware also experienced an uptick during election season. The number of malware-bearing emails has spiked periodically in the month running up to the election reflecting an overall upwards trend.

What can you do? In addition to training employees on how to spot potential phishing and malware attempts, organizations should also work to modernize their endpoint security to include these four essential components to blocking cyber attacks.