County-level election workers in at least two battleground states saw a surge in attempted phishing exploits in the run-up to the 2022 midterm election primary contests, according to a new report from cybersecurity firm Trellix.
Election security has been of very high interest to the Federal government since the 2016 elections. Election infrastructure was designated as “critical infrastructure” by the government in 2017, and state and local election officials receive substantial help from Federal authorities including the Cybersecurity and Infrastructure Security Agency (CISA) on election security.
Now – with the 2022 midterms around the corner – Trellix said it found a marked jump in phishing attempts against election workers earlier this year during two state primary contests. While receipt of phishing emails is a common occurrence for most people, the uptick of phishing attempts against election workers indicates a more targeted attempt against election systems at a critical time.
Trellix said it observed an exponential surge in malicious email activity ahead of the primaries in both Pennsylvania and Arizona. Phishing scams specifically targeting county-level election workers and the local voting infrastructure are especially alarming, the report says.
“[We] focused this initial research at the county-level given these election authorities are relatively the least sophisticated actors in terms of cybersecurity postures, but the most critical in actual electoral engagement with voters,” Trellix said. “Our findings suggest the continuing effort to educate frontline election workers on phishing and other cyber threats in the digital realm could be as important as security measures required to protect them in the physical realm.”
Both battleground states historically show a split among voters between Democratic and Republican candidates, making election security particularly important leading up to voting day.
According to the research, Arizona county election workers experienced a 104 percent rise in phishing scams from the second quarter of the year to the third. In Pennsylvania, authorities saw almost 8,000 scams in their inboxes ahead of the May 17 primaries – a 69 percent increase from the previous quarter.
The cybersecurity company found that the two most common types of phishing email accompanying the “primary surge” were password-theft attempts and poisoned links delivered in familiar threads that include trusted sources.
The report offers several recommendations for how organizations can protect themselves ahead of the midterm elections, chief among them following CISA’s recent guidance on U.S. electoral phishing.
“Educating employees on the need to recognize suspicious emails should not stop because we are making cybersecurity progress in other areas,” Trellix said. “Education on cyber hygiene is an ongoing, never-ending process, particularly as attackers innovate and improve upon their phishing and social engineering techniques.”