Because DDoS attacks are the easiest, cheapest, most destructive, and most anonymous cyberattacks to launch, they are often used in certain political and privacy-centered environments. As the US elections progressed, political campaigns experienced an average of 4,949 cyber-threats per day, and larger campaigns even more. US government election-related sites see 122,475 threats every day.
Side Effects of DDoS Attacks on Elections
Here are some instances that resulted in huge monetary and other DDoS-related damages.
Down on Election Day
North Macedonia’s State Electoral Commission (SEC) suffered an alleged DDoS attack lasting more than three hours during the parliamentary elections in July 2020. The attack delayed the SEC’s announcement of the official results of the tightly contested vote on its website, and it had to improvise by releasing partial results through YouTube clips instead. Coinciding with this attack, popular online media house TIME.mk was also targeted by a heavy DDoS attack, which took the website down for two hours.
The damaging effects of an attack can also be seen in the 2018 DDoS attacks against the campaign website of Bryan Caforio, who ran for the U.S. House of Representatives in California and ultimately lost. The cyberattacks caused the campaign website to be down for about 21 hours during the campaign, with one of the attacks taking place during a live political debate. According to the FBI, as a result of the cybersecurity incident, the campaign reportedly spent between $27,000 and $30,000 to restore systems and saw a reduction in campaign donations.
DDoS Distraction is Dangerous
During a local primary election in 2018 in Tennessee, hackers launched a volumetric DDoS attack on the Knox County election website that made the screens go blank at this crucial time. Even as an expensive IT security firm started dissecting the attack to find its source, another attack had already been launched, and this attack penetrated a Knox County server to look at personal data stored in it.
All the disruption, it has since been determined, was an effort to distract the Knox County IT team while another, simultaneous attack was happening behind the scenes, accessing sensitive information about Knox County residents.
Offline Can Spell Disaster
The UK Labour Party’s digital platform went offline ahead of the elections. Overwhelming traffic brought the platform crashing down. Though it was said that the attack was not successful in terms of a data breach, it did manage to send the systems offline a few weeks ahead of the elections.
During the 2016 US elections, some US states made changes to their existing systems. Colorado got rid of barcodes, California secured its online electronic voting machines, and Ohio excluded wireless capabilities in its apparatus. Michigan, however, is said to have spent $82 million on voting machines with wireless modems. Cybersecurity experts maintain that connecting election systems to the internet, even briefly, exposes these machines to malicious attackers who may be intent on derailing or discrediting an election. It is not just voting machines that are vulnerable but any piece of the election apparatus, including wireless-enabled printers, digital check-in tablets, tabulators, and even the registration database.
Seeing the growing trend in attacks, the government has this year allocated $10 million to get rid of the modems before the upcoming elections. However, 11 states, including Rhode Island, Wisconsin, Georgia, and Florida, were permitting the use of wireless-enabled voting equipment despite all the warnings, as it allows them to quickly provide results to the public and more easily accommodate disabled voters.
What Should Governments Do?
The threat of DDoS attacks on public services is real and daunting. Securing mega networks from DDoS attacks is an extremely complex process because of the enormity of the infrastructure and the incoming traffic. During an election campaign, for example, differentiating between organic traffic and a DDoS attack can take time, and mitigating the attack then takes more time. In the interim, government agencies are left firefighting even as outages occur. The adverse effects of DDoS attacks, as can be seen in the instances above, can result in lost elections.
Government agencies do have mitigation solutions installed and are confident that the mitigation solution will ensure protection from attacks. However, mitigation solutions begin working after an attack has been launched. They do not 'prevent' attacks. For government agencies to ensure full end-to-end DDoS security and close all DDoS vulnerabilities, another layer needs to be added to the current mitigation solution: a layer of confidence that gives them the intelligence to mitigate attacks before they strike. This would help them to ensure a seamless online presence, secure data, and launch successful large-scale campaigns.
Government agencies, to ensure enduring reliability and security, need to be able to:
- Detect & block malicious traffic penetration 24/7.
- Eliminate vulnerabilities that could be exploited in the underlying network for DDoS attacks.
- Ensure existing DDoS mitigation is effective and reconfigure defense policies, as required, in line with any network changes.
- Validate that DDoS mitigation is detecting and mitigating Layer 3, 4, and 7 attacks, as well as new, sneakier DDoS attacks, 24/7 and in real time.
RADAR™, MazeBolt’s new patented technology solution, is part of the MazeBolt security platform. RADAR™ simulates DDoS attacks continuously and non-disruptively, delivering advanced intelligence through straightforward reports on how to remediate the DDoS vulnerabilities found. With RADAR™, organizations achieve, maintain, and verify the continuous closing of their DDoS vulnerability gaps, reducing the vulnerability level of a damaging DDoS attack from an average of 48% to under 2% and maintaining it there on an ongoing basis.
To learn more visit: https://mazebolt.com/ddos-radar/
MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. It offers full DDoS risk detection and elimination and works with any mitigation system to provide full end-to-end coverage, supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.