Black Hat 2018: 10 Execs On The Top Cybersecurity Threat America Faces Around The 2018 Midterm Elections


Candidate Compromised Via Social Media  

Bad actors could worm their way into a candidate's circle of trust by hitting a non-technically savvy person associated with the campaign with a phishing attack to obtain their credentials, according to Juniper Head of Threat Labs Mounir Hahad.

From there, a hacker would move from one person to the next obtaining credentials until they have found someone in the candidate's inner circle, Hahad said, at which point they will impersonate the close friend and send the candidate an email, Facebook message or Twitter message with a link or image.

The SVG image, though, could contain malicious JavaScript, Hahad said, or the link could lead to a dummy YouTube page that implements spyware onto the candidate's phone or laptop.

Once the bad actor has access to the candidate's phone, Hahad said they benefit from direct intelligence on the campaign's decision-making as well as private information that could potentially be used to blackmail the campaign.