SpyCloud and CyberDefenses join forces on election security effort

Two cybersecurity companies focused on election security are teaming up ahead of the November elections to protect dozens of states from a variety of potential attacks on voting infrastructure.

This week SpyCloud and CyberDefenses announced a partnership that will see the companies help one in every five election jurisdictions in the United States with cybersecurity around digital election tools. 

Multiple investigations from the Congress and the FBI showed there was an unprecedented amount of foreign interference in the 2016 vote that came in a variety of forms. Attackers from multiple countries, most prominently Russia, flooded social media with disinformation, launched devastating hacks on specific candidates and levied unsuccessful, but widespread, election infrastructure cyberattacks on all 50 states.

“We are all too aware of foreign attempts to undermine the sanctity of U.S. elections, and we’re proud to do our part with CyberDefenses to help stop them,” said Douglas Lingenfelter, director of SpyCloud’s Federal practice. “Unfortunately, criminals are relentless and innovative in their attacks, so we are constantly updating our data and methods to help election officials stay ahead.”

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

Despite increased concern and awareness about the attempts to attack elections, US elections are operated by state and county governments, many of which are small and ill-equipped to confront cyberthreats. 

More than 120 election officials across 31 states told the Brennan Center that their voting equipment was outdated and needed to be replaced before the election in 2020. Two-thirds of respondents said they did not have the funding they needed to get this done in time, even with all of the new money appropriated by Congress. 

Some 45 states are still using aging voting tools that are no longer made, making them extremely susceptible to attacks and breaches. On top of the outstanding software-related cybersecurity concerns inherent in using equipment that can’t be updated or patched, election commissions reportedly can’t even find replacement parts to physically maintain the machines. 

While the Department of Defense has confirmed that no actual votes were changed in 2016, all 50 states reported attempts to break into their system.

According to a press release, officials from CyberDefenses said the company “provides election jurisdictions with security services, including assessments that evaluate their processes and risks to cyberattacks” while SpyCloud focuses on breach data and fraud prevention solutions that help back up CyberDefenses’ assessments and continuously check election-related accounts against breach data used by criminals.

SEE: Identity theft protection policy (TechRepublic Premium)

The SpyCloud statement said the company focuses its efforts on breach data collection and a curation platform that handles account takeover prevention and fraud investigation solutions. CyberDefenses calls itself an “award-winning Managed Security Services Provider.”

There are more than 3,000 county governments and dozens of Secretary of State offices charged with administering and protecting local and federal elections. In reports released by the Defense Department, CISA and other government agencies, these county election departments are often the first places attackers look to infiltrate because they are generally smaller, have smaller staffs, and may not be as sophisticated as other offices. 

“SpyCloud is instrumental to the work we do in ensuring that every vote counts,” said Armando Ordonez, CEO of CyberDefenses. “It gives county governments an ‘over-the-horizon view’ of the cybercriminal landscape, with advanced information to protect elections from fraud and foreign interference, before it’s too late.”

The companies will be providing local election administrators with expertise, assessments, and recommendations to fill any gaps that may still exist in cybersecurity. SpyCloud’s statement said the company has people watching the dark web to search for any potential stolen credentials related to elections and election staff members, county elected officials, and device suppliers. 

Dark web monitoring has become a key component of security efforts because stolen credentials are still the easiest way many cyberattackers go after complicated systems. SpyCloud says it has a database of “more than 100 billion assets” that ituses to check all election-related accounts against. 

“Using SpyCloud’s recovered breach assets, CyberDefenses alerts the county when it cannot be determined whether the user logging in is legitimate or a criminal leveraging stolen credentials,” the press statement said. 

“When accounts are at risk, they can be locked down until they are re-secured with a password reset or step-up authentication procedure. CyberDefenses also uses SpyCloud’s data, including hundreds of millions of assets to research the infrastructure used in election fraud campaigns.”

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

In a white paper sent to TechRepublic, the company explained that election security has moved far beyond just protecting the physical voting machines, which is still an issue as well. After what happened in 2016, every person involved in an election in the United States has to be aware of how easy it is for someone to lock down a device using ransomware or steal passwords in other ways. 

Due to the coronavirus pandemic, a significant number of ballots will be sent through the mail, meaning the official count may not be released on the night of Election Day. But this is already causing problems both politically and with election cybersecurity. 

FBI officials sent out a memo this week expressing fear that election websites may be hacked to show false results before the votes have even been counted. In addition to the hacking of local election sites, there may also be a significant amount of disinformation online related to the results as well, with cyberattackers using dummy sites or fake portals to release fraudulent results and confuse the public. 

“SpyCloud’s ability to continuously monitor suppliers as well makes their partnership essential to our mission,” Ordonez said. 

“Anyone doing business with the county needs to be secure themselves, so they are not an entry point for bad actors attempting to interfere with elections. CyberDefenses also alleviates some of the burden by defining policies that counties can extend to their supplier network; fundamentals that must be met in order to remain a partner.”

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see