November 5, 2018 By David Bisson 2 min read

A new report revealed that nearly one-third of cyber incidents reported in Q3 2018 were classified as “destructive attacks,” putting election security at risk in the lead-up to the 2018 midterms.

In its “Quarterly Incident Response Threat Report” for November 2018, Carbon Black found that 32 percent of election-season cyberattacks were destructive in nature — that is, “attacks that are tailored to specific targets, cause system outages and destroy data in ways designed to paralyze an organization’s operations.” These attacks targeted a wide range of industries, most notably financial services (78 percent) and healthcare (59 percent).

In addition, the report revealed that roughly half of cyberattacks now leverage island hopping, a technique that threatens not noly the target company, but its customers and partners as well. Thirty percent of survey respondents reported seeing victims’ websites converted into watering holes.

Time to Panic About Election Security? Not So Fast

Despite these alarming statistics and the very real risks they signify, Cris Thomas (aka Space Rogue) of IBM X-Force Red told TechRepublic that since voting machines are not connected to the internet, a malicious actor would need physical access to compromise one. This could prove challenging for attackers, who must understand not only the vulnerabilities in each individual voting machine, but also each precinct’s policies.

Bad actors could theoretically stage an attack by obtaining an official voting machine before the election and gaining physical access to it on voting day, but these machines come with checks and balances that detect when votes are changed, decreasing the liklihood of a successful attack.

Attacks Are Growing Increasingly Evasive — and Expensive

Still, the rise in destructive attacks is particularly concerning given that, as reported by Carbon Black, attacks across the board are becoming more difficult to detect. In addition, 51 percent of cases involved counter-incident response techniques, and nearly three-quarters of participants specifically witnessed the destruction of logs during these incidents. Meanwhile, 41 percent observed attackers circumventing network-based protections.

These evasive tactics could prove costly for companies. According to Accenture, threat actors could set companies back as much as $2.4 million with a single malware incident, with cybercrime costing each organization an average of $11.7 million per year.

How to Defend Against Destructive Attacks

Security professionals can defend their organizations against destructive attacks by developing a dedicated framework to predict what steps an adversary might take once inside the network. Security teams should supplement this framework with AI tools that can use pattern recognition and behavior analysis to stay one step ahead of cyberthreats.

Sources: Carbon Black, Accenture, TechRepublic

More from

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today