With 14 Days to Go, We Haven’t Nailed the Basics.

In less than two weeks on 3 November 2020, the United States of America will hold its quadrennial Presidential election. Concerns over cybersecurity protections and processes implemented over the preceding four years remain high, as reports of foreign interference, infrastructure vulnerabilities, and failed preparedness continue to abound.

Area 1 Security outlined the risks posed by threat actors to election administrators and their email security controls in a recent report; and we continue to analyze the baseline security practices as the nation prepares for the elections.

Just this week on Monday, 19 October 2020, the website for Orange County, Florida’s Supervisor of Elections was down. Florida’s fifth-most populous county failed to properly re-register their domain, something that was luckily resolved without incident. Four more election sensitive domains are set to expire before Election Day on 3 November 2020:

albanywi.org 2020-10-22T15:48:51Z
bcn.net 2020-10-27T04:00:00Z
chesternh.org 2020-11-01T21:06:59.000Z
bethlehemnh.org 2020-11-02T14:07:25Z

And another 20 are set to expire before the year’s end, which could be critical if outcomes are not determined or remain in question before inauguration day on 20 January 2021.

arwhlaw.com 2020-11-10T05:00:00Z
cityofcumberland.net 2020-11-13T16:46:49Z
burnetcountytexas.org 2020-11-14T00:01:15Z
antwerptownship.com 2020-11-14T22:28:21Z
bessemermi.org 2020-11-15T23:58:58Z
carsoncitymi.com 2020-11-16T16:13:58Z
carrollcountyga.com 2020-11-17T18:13:46Z
buttscounty.org 2020-11-21T18:40:57.00Z
bridgeportmi.org 2020-11-21T19:20:24Z
ci.superior.wi.us 2020-11-27T23:59:59Z
bentcounty.net 2020-12-04T15:43:00Z
cityofbr.org 2020-12-06T17:31:36Z
birchruntwp.com 2020-12-16T11:25:06Z
ci.emporia.va.us 2020-12-18T23:59:59Z
hardeecountyelections.com 2020-12-20T11:59:59Z
barrecity.org 2020-12-23T17:34:03Z
alphacomm.net 2020-12-24T05:00:00Z
andersoncountyks.org 2020-12-26T16:10:34.000Z
broomecounty.us 2020-12-27T23:59:59Z
hcnj.us 2020-12-29T23:59:59Z

An extensive list of election sensitive domain registrations is provided here.

Failure for any organization to properly register their domains poses several key risks:

  1. Anyone who might register an election-sensitive domain would be able to assume the identity of elections officials and send phishing emails.
  2. Critical voter information could be removed from the internet or changed.

Recommendations:

  • Vote!
  • Domain owners should check the expiration dates of their domains and immediately make sure they are secured for the maximum ownership time available
  • Observe the recommendations for securing email in the prior “Phishing Election Administrators” report outlining the risks to election administrators and officials.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!

 

Understanding the Four Business Email Compromise Attack Types

Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.

Area 1 Security Announces the Most Spoofed Brand of 2021

Dear America’s sports-loving, company-securing fans: Before you find yourself glued this weekend to (what some call) THE biggest game in college basketball history, we are here to crown the 2022 March Hackness winner!

2022 March Hackness: The Return of the Phishing Bracket

Area 1 Security’s Sixth Annual March Hackness: The Perfect Phishing Bracket is here! Learn who made the list of the top brands that attackers use in phishing lures.