5 Cyber Lessons Learned From the U.S. Election

Last week, I took a deep dive on U.S. election-related topics, including the government’s response to potential cyber threats, the issue of malspam during the election, and whether or not nation-state attacks had a meaningful impact on the election.

Here are the five key lessons learned from all of this.

It’s not always DDoS.

While many other countries experienced DDoS attacks during their election processes in 2020, the United States did not suffer from any major service outages due to Denial of Service attacks. At least none that were publicly reported.

But this is not a reason to become dismissive about election-related DDoS attacks. In the run-up to the election in the United States, Google’s Threat Analysis Group (TAG) disclosed that the world largest DDoS attack, 2.5Tbps, was launched back in 2017 in a bid to help raise public awareness about nation-state actors increasing their ability to launch large scale Denial of Service attacks.

[You may also like: Did Nation-State Attacks Impact the U.S. Elections?]

Sometimes you prepare for the wrong things.

This year during the run-up to the presidential election in the United States, many people were so consumed by the possibility of foreign election interference mis/disinformation that they missed the growing threat in their backyard. As a result, many domestic social accounts were found to be propagating mis/disinformation in an attempt to interfere or cast doubts about the legitimacy of the election.

Malspam during an election can go both ways.

Malspam is one of the most common and problematic attack vectors currently plaguing the threat landscape. Threat actors and campaigns can range from for-profit cybercriminals who are opportunists trying to make a buck off current events to politically-driven actors. This year during the election we saw the opportunist behind Emotet, TA542, use political-themed lures to maximize their impact while the operators behind Trickbot found themselves mitigating an offensive attack from both the public and private sector due to the threat they posed.

[You may also like: The Issue & Impact of Malspam in the U.S. Elections]

Attribution is a slippery slope.

During this election, we saw the United States government attribute an Iranian campaign within two days of the attack and in turn, respond by launching an offensive military cyber operation. While the discussion around attribution is a slippery slope, this was a rare public move by the US government to quickly counter a growing threat. This operation, however, does open up the conversation about the use and effectiveness of offensive, hack back, campaigns. It appears at the moment that this operation conducted by U.S. Cyber Command put the attackers in a defensive and reactive position you rarely see them in, due to the ‘observe and report’ nature of current cybersecurity practices.

[You may also like: The U.S. Government’s Response to Election-Related Cyber Threats]

Controlling public speech will backfire. Every time.

As we saw during the election, censoring and labeling dis/misinformation did nothing to stop the spread of it. In fact, in general, redacted information piques human curiosity. Naturally, humans are going to reveal the unknown and emotionally reposed to, and spread, said content. Misinformation at the end of the day is like a Chinese finger trap. The more attention you give it and the more you pull on it, the tighter the situation gets. By giving attention to dis/misinformation, we inherently helped spread it.

Download Radware’s “Hackers Almanac” to learn more.

Download Now

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center