Addressing the mobile threat to the U.S. election
In April 2024, cybercriminals successfully targeted Coffee County, Ga., with a ransomware attack that forced the county to cut its connection to the state’s voter registration system, impacting more than 43,000 citizens.
This attack is one of countless recent cyberattacks targeting state and local electoral processes. Just months earlier, in January, citizens in New Hampshire received recorded messages from a robocall imitating President Biden, encouraging them not to vote in the New Hampshire Democratic presidential primary election. That same month, criminals launched a cyberattack against Fulton County, Ga., shutting down election systems.
Even last year, an AI-generated deepfake of Chicago mayoral candidate Paul Vallas making controversial statements about police funding surfaced on X, potentially influencing the election’s outcome.
Ahead of the upcoming election season, state and local election offices will be responsible for ensuring the security and integrity of the U.S. presidential election. In January, CISA Director Jen Easterly noted election security is top of mind for the U.S. government when she issued a statement that the U.S. should “absolutely expect” foreign actors to attempt to interfere in the election process.
This warning highlights a concerning and growing problem—according to recent surveys, in the first eight months of 2023, malware attacks against state and local agencies spiked by 148% and ransomware incidents rose by 51% compared to the same period in 2022.
Mobile devices as election threats
The rise of AI-generated deepfakes, disinformation campaigns, hacktivists and advanced phishing attacks is making it increasingly difficult for resource-constrained state and local governments to protect their electoral processes. Amidst these attacks, one critical but easy-to-overlook gap in current security strategies is mobile devices.
With the increase of bring-your-own-device (BYOD) policies in government and mobile devices becoming enmeshed in daily life, election officials and staffers are leveraging these devices for campaign-related activity, such as using mobile apps and sending voters text messages with candidate-related links. This makes mobile devices a prime target for hackers looking to get access to credentials for financial gain.
Threat actors target these mobile devices using advanced phishing tactics, taking advantage of SMS, deepfakes in phone calls and voicemails, and other methods to gain access to or bypass standard security mechanisms like multi-factor authentication (MFA). These attacks aim to convince targets to click on links, which could lead to disinformation, install malware or surveillanceware on smartphones, or steal credentials tied to election infrastructure, putting sensitive data, political campaign strategies and voter databases at risk. Embedded links can be hidden in SMS messages such as fake package redelivery notices, pose as an app such as a candidate election app, or relay information via social media on polling locations or voting times.
Once a victim clicks the fake link, they’re led to a website that tricks them into entering their username and password for an account, and where they may inadvertently download malware, giving criminals a back door into government systems housing private voter and citizen information. These attacks open the door to various malicious activities, such as disinformation campaigns, surveillanceware and more. Because threat actors only need to get past the login process to compromise an infrastructure, social engineering attacks targeting officials’ phones have become very popular among criminals.
Government is taking steps to protect elections
Moving into a prominent election season, state and local agencies must be prepared to address a high-threat environment, facing both familiar and unfamiliar attacks. The federal government has recognized the increasing threats against U.S. elections and begun taking steps to strengthen election security processes across state and local governments.
This year, CISA launched a new webpage, #Protect2024, providing resources for election officials and infrastructure stakeholders to protect against election infrastructure security threats. At the same time, the Help America Vote Act (HAVA)’s Election Security Grant website was recently updated with instructions on how states can request funding to enhance technology and election administration and to make election security improvements.
While these initiatives are a step in the right direction, funding is often not substantial enough to appropriately trickle down from state agencies to local county and city election offices. As such, many localities are forced to pull from emergency management funds to fulfill the minimum election security standards. Additionally, these initiatives don’t account for the increasingly sophisticated threats to mobile devices.
Amid competing priorities and limited funding, truly protecting election security requires government IT leaders to evolve their cyber approaches to include comprehensive mobile defense strategies.
Proactively addressing the mobile gap
State and local governments can proactively defend election infrastructures against sophisticated malware and phishing attacks with Mobile Threat Defense solutions that provide deep insight into mobile risks and vulnerabilities. With advanced threat intelligence that provides visibility into attack vectors and global threat trends, election administrators can stay ahead of attackers and build proactive protection policies that determine what risks could be most threatening to election systems.
Equally important, state and local election officials must take advantage of Mobile Endpoint Detection and Response (Mobile EDR), which allows agencies to comprehensively monitor mobile device activity, streamline response times, and proactively monitor for unknown threats against election infrastructure.
By equipping local election offices with a robust mobile threat solution in the early stages of campaign season—not waiting until the first week of November—state and local governments can effectively address the security challenges this upcoming election season is poised to present.
Jim Coyle serves as the U.S. public sector CTO at Lookout, drawing upon two decades of hands-on experience in cybersecurity to assist government agencies in fortifying their defenses. Coyle is a cybersecurity industry thought leader, delving into geopolitical cyber issues, emerging threats, defense tactics and industry developments, offering valuable insights cultivated throughout his career.