In 2019, Ingalls was called upon to help respond to a variety of different breach response scenarios that involved ransomware attacks against a significant number of commercial, non-profit, and government organizations. In addition to our breach response work, our team also protects many organizations through proactive risk management.
Late last year, we saw a pattern and some concerning data that led us to develop a threat model that we’ve recently submitted to the National Association of Secretaries of State (NASS).
We believe this threat model could potentially be used by well-resourced organizations to disrupt the upcoming presidential election. These groups have the ability to target local- and state-level authorities with ransomware before and immediately following Election Day. We’ve included the original Threat Intelligence whitepaper below, but you can also download it from the NASS website here.
It is important to note that this model is based on capabilities that we know our adversaries possess, specifically the ability to gain access to credentials for cloud-based management consoles and remote access software. We have seen countless cases in which victims believed they had adequate anti-virus protection, when in fact, the attackers were able to execute ransomware encryption software despite a popular antivirus being installed.
Finally, we would also like to point out that the recommendations we make to prevent this type of attack have all been presented as cybersecurity best practices for years. Next-generation anti-virus, multi-factor authentication, and other technologies are readily available and should be deployed for more reasons than the threat model we share.
We hope that by sharing this threat model with the cybersecurity and IT Managed Services communities as well as state and local election authorities, we can raise awareness about this situation. We believe this threat is entirely avoidable, but still very possible due to the current state of cybersecurity risk management controls employed by many MSPs and local and state election authorities.
Contact Ingalls Information Security to schedule an assessment and training session, and to discuss our incident response readiness program.