Actions to Counter Email-Based Attacks on Election-Related Entities

The Threat and How to Think About It

Malicious cyber actors have been known to use sophisticated phishing operations to target political parties and campaigns, think tanks, civic organizations, and associated individuals. Email systems are the preferred vector for initiating malicious cyber operations. Recent reporting shows 32 percent of breaches involve phishing attacks, and 78 percent of cyber-espionage incidents are enabled by phishing.

Cyber actors launching phishing attacks often seek to entice users to do one of three things.

  • Click on a link and turn over credentials (username and password), so the cyber actor can gain access to an account.
  • Open an attachment or click a link that delivers the cyber actor’s malware.
  • Click a link to a website that the cyber actor monitors; this verifies that the email account is valid for subsequent targeting.

Cyber actors can also use credential-based techniques to gain access to accounts in various ways.

  • Password spraying attacks rely on cyber attackers using a commonly used password against multiple usernames.
  • Brute-force attacks rely on cyber attackers knowing the username and attempting several passwords.
  • Credential stuffing attacks rely on cyber attackers using usernames and password combinations gained from data breaches against other accounts.
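The three credential-based patterns above leave different footprints in authentication logs, which is what a defender keys on. As an added example (not part of the CISA document), the following Python sketch classifies a source IP as password spraying (many usernames, one or two tries each) or brute force (one username, many tries) over a constructed sample log; the log format and thresholds are assumptions, and credential stuffing from a single source looks like spraying under this heuristic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO timestamp, username, source IP, result).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z alice 203.0.113.5 FAIL
2024-05-01T10:00:03Z bob 203.0.113.5 FAIL
2024-05-01T10:00:05Z carol 203.0.113.5 FAIL
2024-05-01T10:00:07Z dave 203.0.113.5 FAIL
2024-05-01T10:00:09Z erin 203.0.113.5 FAIL
2024-05-01T10:02:00Z alice 198.51.100.7 FAIL
2024-05-01T10:02:01Z alice 198.51.100.7 FAIL
2024-05-01T10:02:02Z alice 198.51.100.7 FAIL
2024-05-01T10:02:03Z alice 198.51.100.7 FAIL
2024-05-01T10:02:04Z alice 198.51.100.7 FAIL
2024-05-01T10:05:00Z bob 192.0.2.9 FAIL
2024-05-01T10:05:20Z bob 192.0.2.9 SUCCESS
"""

def parse_log(text):
    """Parse log lines into (timestamp, user, source, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, src, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, result))
    return events

def classify_sources(events, window=timedelta(minutes=10), threshold=5):
    """Return {source_ip: 'spray' | 'brute_force'} for sources whose failures
    inside `window` match a pattern; sources that trip neither rule are omitted."""
    failures = defaultdict(list)
    for ts, user, src, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))
    verdicts = {}
    for src, fails in failures.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            # Count failed attempts per username in the window starting at this failure.
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start <= window:
                    per_user[user] += 1
            if len(per_user) >= threshold and max(per_user.values()) <= 2:
                verdicts[src] = "spray"          # many accounts, few tries each
                break
            if max(per_user.values()) >= threshold:
                verdicts[src] = "brute_force"    # one account, many tries
                break
    return verdicts
```

A single failed login followed by success (192.0.2.9 above) is the normal typo case and is deliberately not flagged.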

To protect against these attacks, the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations involved in any election-related activities prioritize the protection of accounts from email-based attacks by:

  • Using provider-offered protections, if utilizing cloud email.
  • Securing user accounts on high value services.
  • Implementing email authentication and other best practices.
  • Securing email gateway capabilities.

When Using Cloud Email, Use Provider-Offered Protections

Organizations that use cloud email providers should enable various protections their provider offers.

  • Require multi-factor authentication (MFA) for all user email accounts.
    • Use either physical security keys (such as those following the FIDO2 standard) or authentication apps (such as those following the TOTP algorithm).
      • Physical security keys offer protection against phishing attacks by working as a second, physical factor of authentication and only authenticating when a user is on the correct