Market Overview

Research by Anomali Labs Shows Significant Majority of State Election Websites Remain Vulnerable to Email-Based Attacks


REDWOOD CITY, Calif., Aug. 27, 2018 (GLOBE NEWSWIRE) -- Anomali today published research detailing the level of security readiness across US states election websites to combat email-based threats. In the report "Can Lightning Strike US Elections Twice?: Email Spoofing Threat to the 2018 US Midterm Elections," the authors determine that despite well-publicized election related email breaches, most US states have vulnerabilities that could be remedied by widely available countermeasures.

Email spoofing is a social engineering technique where the threat actor forges an email so that a message appears to have originated from someone other than the actual source. Spoofing is widely used in spam and phishing campaigns where the attacker's goal is to trick users into clicking malicious links. These techniques proved effective in the Democratic National Committee (DNC) attack in 2016 in which Russian agencies gained access to sensitive campaign information. Such attacks have become commonplace - in July 2018, Senator McCaskill's campaign was the target of a similar email phishing attack.

The Anomali Labs team examined secretary of state and voter registration websites for all 50 US states, the District of Columbia, and 5 US territories. Each site was evaluated to detect use of six email security technologies.

  1. Sender Policy Framework (SPF) - 34% adoption
  2. DomainKeys Identified Mail (DKIM) - 10% adoption
  3. Domain-based Message Authentication, Reporting and Conformance (DMARC) - 16% adoption
  4. DNSSEC - 11% adoption
  5. STARTTLS - 42% adoption
  6. DNS-based Authentication of Name Entities (DANE) - 0% adoption

"Malicious actors will attempt to exploit any potential vulnerability to achieve their goals. Too often targeted organizations rely on employee judgment to identify suspicious messages," said Hugh Njemanze, chief executive officer of Anomali. "Through our partnership with the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) we are working to help all states prepare for these types of threats, and many others."

The full report is available for download at This is the first of a series of upcoming election-related research reports from Anomali Labs.

About Anomali

Anomali detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand the adversary, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. Anomali enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs worldwide. To learn more, visit and follow it on Twitter: @anomali.

Haylee Hewlett, Sr. Marketing Manager
Phone Number: (408) 800-4050

Primary Logo

View Comments and Join the Discussion!

Latest Ratings

PANWBMO CapitalUpgrades240.0
UAAGoldman SachsUpgrades28.0
GPSGoldman SachsDowngrades0.0
View the Latest Analytics Ratings
Don't Miss Out!
Join Our Newsletter
Subscribe to:
Market in 5 Minutes
Everything you need to know about the market - quick & easy.
Daily Analyst Rating
A summary of each day’s top rating changes from sell-side analysts on the street.
Fintech Focus
Your weekly roundup of hot topics in the exciting world of fintech.
Thank You
for registering for Benzinga’s newsletters and alerts.
• The Daily Analysts Ratings email will be received daily between 7am and 10am.
• The Market in 5 Minutes email will be received daily between 7am and 8am.
• The Fintech Focus email will be received every Friday between 2pm and 5pm.