According to the world’s top incident response (IR) professionals, politically motivated cyberattacks from nation-state actors have contributed to an ominous increase in destructive attacks: attacks that are tailored to specific targets, cause system outages, and destroy data in ways designed to paralyze an organization’s operations. Tom Kellerman, Carbon Black's Chief Cybersecurity Officer, put it this way: “These attackers aren't just committing simple burglary or even home invasion — they're arsonists.”

Despite the heightened threat, most organizations still lack the skilled security experts and don’t have the visibility they need to challenge these ever-evolving cyberattacks. And with November’s U.S. congressional elections fast approaching, at stake is not only significant financial loss, but also the trustworthiness of the country’s political institutions.

To stay abreast of the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black publishes a Quarterly Incident Response Threat Report (QIRTR). This is Carbon Black’s second quarterly report since introducing the QIRTR in July. This report aggregates qualitative and quantitative input from 37 Carbon Black IR partners. The report’s goal is to offer actionable intelligence for business and technology leaders, fueled by analysis of the newest threats, and expert insights on how to stop them.

A network of internet content not publicly accessible, offering several election-related items for sale, including voter databases, social media influence campaigns and hackers willing to conduct espionage campaigns.

Dark web markets and freelance websites offer a selection of resources for those wishing to conduct nefarious activities specifically relating to the 2018 midterm elections.

Election-focused cyberattacks now pose real threats to Western political institutions. Sixty eight percent of survey respondents, among the top cybersecurity professionals in the world, believe the upcoming U.S. midterm elections will be influenced by cyberattacks. According to a Carbon Black survey gauging voter confidence, one in four voters said the fears of such attacks would make them reconsider voting. As a result, as many as 58.8 million people might simply stay home on Election Day because of cybersecurity fears.

For nation-state actors, it’s not just about directly targeting, say, voting machines — though that is certainly one viable option. Rather, attackers are looking to political propaganda operations, such as Russia’s 2016 hack of the Democratic National Committee. As one IR professional explains, “They’re doing hack and leak campaigns, targeting media providers, political parties, voter databases, they’re using social media…all to build narratives that disenfranchise potential voters and damage the reputations of democracy without having to do direct interactions, which can be riskier.”

Today, there are more than 8.4 billion IoT devices, ranging from consumer devices like Fitbits and smart watches to enterprise devices such as security cameras, alarm systems, and thermostats. thermostats. Of late, those “things” — which often have no built-in ability to be patched remotely— have become the target of cyberattacks. In 2016, for instance, a Russian botnet called Mirai gained access to a veritable army of closed-circuit TV cameras, which led to a denial of service attack that left huge swaths of the internet inaccessible to many on the East Coast of the U.S.