Pending case of political cyber-errorism?

With various elections now taking place in the U.S., a recent report by Ariel J. Feldman, J. Alex Halderman and Edward W. Felten of Princeton University details security weaknesses found in Diebold AccuVote-TS/x e-voting machines. The paper describes and demonstrates three different types of software-based attack, and it is sure to receive further attention.

The question is whether that attention will come from malicious attackers, or from Diebold and the U.S. government.

From a malware research perspective, the most interesting attack detailed in the paper is the vote-stealing virus. After reading this section I was left with the impression of a small malicious program with rootkit-like characteristics. We aren't talking about hidden files or a modified kernel, however: in the described attack, covering its tracks is as simple as modifying the two separate data files that record the votes so that their end results agree with each other.

As described, the malicious program randomly steals votes from one candidate and gives them to another. The authors understand election fraud well enough to make sure their program did not produce a completely lopsided result. In theory, if the results "feel" right, officials won't detect the fraud and will accept them, so there will be no need for people to vote again.
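To make the two points above concrete (editing both vote records so they stay consistent, and moving only a fraction of the votes so the outcome stays plausible), here is a toy model added for this page. It is not code from the Princeton paper or from any real voting system: the record formats (a list of per-ballot choices standing in for ballot images, a dict of totals standing in for the results file), the candidate names and the election data are all constructed. The only check modelled is the one the machine can run on itself, namely whether its two files agree.

```python
"""Toy model of consistent vote-record tampering (added example, constructed data)."""
import random
from collections import Counter

CANDIDATES = ("Alice", "Bob")  # constructed sample candidates


def tally(ballots):
    """Recompute per-candidate totals from the individual ballot records."""
    counts = Counter(ballots)
    return {c: counts.get(c, 0) for c in CANDIDATES}


def records_consistent(ballots, results):
    """The only self-check the machine can run: do its two vote files agree?"""
    return tally(ballots) == results


def naive_tamper(ballots, results, steal_from, give_to, n):
    """Edit only the totals file; the ballot records are left untouched.
    This is the clumsy version that an internal consistency check catches."""
    results = dict(results)
    results[steal_from] -= n
    results[give_to] += n
    return ballots, results


def consistent_tamper(ballots, results, steal_from, give_to, fraction, rng):
    """Flip a random fraction of one candidate's ballots to the other and
    rebuild the totals from the altered ballots, so both files agree.
    Only a fraction is moved so the final margin still looks plausible."""
    ballots = list(ballots)
    victims = [i for i, b in enumerate(ballots) if b == steal_from]
    for i in rng.sample(victims, int(len(victims) * fraction)):
        ballots[i] = give_to
    return ballots, tally(ballots)


def margin(results):
    """Winner's share minus loser's share, as a fraction of all votes."""
    total = sum(results.values())
    a, b = (results[c] for c in CANDIDATES)
    return abs(a - b) / total


def run_demo(n_ballots=1000, fraction=0.10, seed=1):
    """Constructed election: a close two-way race, then both tamper styles.
    Returns the outcome of each check so it can be inspected or asserted on."""
    rng = random.Random(seed)  # constructed, reproducible sample ballots
    ballots = [rng.choice(CANDIDATES) for _ in range(n_ballots)]
    results = tally(ballots)

    b1, r1 = naive_tamper(ballots, results, "Alice", "Bob", 50)
    b2, r2 = consistent_tamper(ballots, results, "Alice", "Bob", fraction, rng)

    return {
        "clean_consistent": records_consistent(ballots, results),
        "naive_detected": not records_consistent(b1, r1),
        "consistent_detected": not records_consistent(b2, r2),
        "stolen": results["Alice"] - r2["Alice"],
        "votes_conserved": sum(r2.values()) == n_ballots,
        "margin_before": margin(results),
        "margin_after": margin(r2),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The consistent tamper passes the machine's own check because both files are derived from the same corrupted state; nothing inside the machine can tell the difference. That is the practical lesson of the paper's design: a record the software controls cannot be used to audit that same software.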

All in all a very interesting paper, and unlike the recent RFID proof-of-concept paper this one seems to have real substance to it. One can easily imagine a would-be attacker slipping into a small, hidden, enclosed space to do their thing. In this case, that small enclosed space might just be your local voting booth!
