Actu
Expert Comment: UK Electoral Commision 2-Year Cyber Attack
August 2023 by Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea
After the news that the UK Electoral
Commission yesterday announced that they have suffered a 2-year cyber
attack with roughly 40 million voters personal details exposed.
Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea :
Although not all the details are known on this attack, it’s another
example of how malicious hackers are targeting government entities and,
most worryingly, are able to stay under the radar of detection for so
long.
_When attackers are focused on espionage or disinformation, they prefer
to use techniques that are stealthy so they can remain hidden and
undetected for long periods. The motives for such attacks are typically
either nation state supported or mercenary hackers with the goals of
selling the information to cybercriminals who will then target and abuse
the victims with voting related phishing scams. _
The Commission’s network represents a goldmine for attackers - in this
case voter names, addresses and email addresses are now in their hands -
which can all be used to fuel further scams. While these types of
attacks may not be able to change the outcome of any election vote, they
can target the victims or create disinformation campaigns now they know
who to target. One of the most important values of voting systems is the
trust in these systems and any data breach decreases the trust.
It’s a stark reminder that putting in place the appropriate security
controls around data is more important than ever as attackers seek new
ways to gain access, steal credentials, and exfiltrate sensitive data._
