Phishing email shuts down Texas government email system. Big email leak before elections like in 2016?

A few days ago, multiple voters and election administrators in Hamilton County, Texas, received an email purportedly from Leanne Jackson, the county secretary, which included a list of passwords to open an attachment. What the recipients did not know is that these emails were actually sent from addresses in Sri Lanka and Congo; it was a phishing attack.

Since the attack, Jackson's three-person office has operated in a very limited manner for fear of spreading any infection related to the incident.

Specialists consulted by ProPublica note that the email systems of dozens of municipalities rely on very limited configurations, or even home-grown systems, with shortcomings such as very weak encryption. Although using environments such as those offered by Google or Microsoft is no absolute guarantee of security, they do offer better conditions than home-grown systems.

Concerns related to this incident are growing further because the U.S. is a couple of months away from its new presidential election, in which the pandemic has forced the implementation of electronic voting systems.


Anticipating this scenario, in which electronic voting systems were already expected to be deployed, a study by the Belfer Center for Science and International Affairs at Harvard concluded that all election officials should receive cybersecurity training so they can detect potential threats to electoral information systems.

Regarding the threat in Hamilton County, experts say the county's networks were infected with a malware variant known as Emotet, which is commonly used as a ransomware delivery mechanism. This type of attack has caused serious problems for hospitals, schools and private companies alike.

Threat actors use Emotet to trick users into interacting with legitimate-looking content in order to turn off security measures in cloud deployments. In a successful attack, the threat actors can take over the victim's existing email conversations and send fake replies within them, which opens the door to all sorts of malicious scenarios.

The investigation is still ongoing, so more details could be revealed over the course of days, although authorities are unlikely to disclose confidential information about this incident.