A recent study has revealed that during the voting season, election officials communicate with the public regularly and send real-time results to the media, in many US stated as well as counties, cybercriminals can breach into those email networks and attack the user.
A San Franciso-based software company Valimail, who conducted the study, said that they have made an automated cybersecurity solution that blocks phishing emails and projects against compromised business emails.
Valimail research
In a blog post, the company stated that they had analyzed 187 domains used by election officials in the three largest counties for every US state. Valimail stated that "Our analysis examined the SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting & Conformance) status for each of these domains, enabling us to determine whether each domain is protected from impersonation attacks by a correctly configured DMARC record with a policy of enforcement."
The blog post also added that a DMARC enforcement policy helps to prevent unauthorized senders from using the domain in the "From" field of their messages, halt one of the most devious impersonation vectors used by attackers.
The finding
The researchers noticed that 124 out of 187 domains doesn't have DMARC records, while 11 domains with DMARC are incorrectly configured and 42 domains are correctly configured but not at enforcement. There are only 10 domains which are correctly configured and at enforcement.
As mentioned in the post, almost 80 percent of the domains belong to the federal government are protected from impersonation. However, here is the list of 10 domains while being protected from the exact-domain impersonation attacks:
On the other hand, the Valimail research revealed that there are six states which have a complete lack of protection among their three largest counties and these are Arizona, Florida, North Carolina, Pennsylvania, Michigan and Wisconsin.
The vulnerability
In terms of US election infrastructure, the researchers noticed an absence of DMARC enforcement at the state and local levels is considered as only one vulnerability but it can cause massive cyber attacks. The compromised emails impersonating US officials could spread voter disinformation, misdirect voters and can also infect government networks with malware.
It should be noted that the email domains in the four states which are receiving the largest grants under HAVA- California, Texas, Florida, and New York, each of which has received over $20 million, are not protected.
"The low rates of state and local deployment of this open standard is a clear warning sign that best practices to protect democracy are missing in many key places. It is time to direct funding toward implementing such best practices, with DMARC at the top of the list, across state and local infrastructure," said Valimail's industry initiatives director.
