Potential cyber threats to the Presidential Election

Malicious cyber activities, including phishing, could affect electorates’ confidence in the election processes.

Similar to other large-scale events, Singapore’s Presidential Elections tomorrow can be a target for cyber attackers. The most recent example is the United Kingdom (UK) Electoral Commission security breach that exposed the data of 40 million voters. While the breach did not have an impact on the UK elections, this may not always be the case.

Recognising this, the Ministry of Home Affairs (MHA), the Cyber Security Agency of Singapore (CSA) and the Elections Department (ELD) issued an advisory in mid-August to warn Presidential Election candidates about potential cyber threats. Threats include distributed denial of service (DDoS), ransomware, exploitation of vulnerabilities in IT systems, social engineering and fake social media accounts.

“There have been instances of malicious cyber activity such as disruption, defacement, or data theft during the elections of other countries, which have affected their electorates’ confidence in the election processes. As a highly digitally connected nation, Singapore must guard against attempts to disrupt the election processes; or cast doubts on the integrity of the Presidential Election,” states the advisory.

For voters, they should be wary of phishing emails, warns Jonathan Tan, managing director for Asia at Trellix. “The acceptance of digital IDs at polling stations marks a significant milestone for the country’s roadmap towards becoming a smart nation. However, it also opens the door to potential cyber threats, particularly phishing attacks which leverage personal data,” he explains.

Practising good cyber hygiene therefore becomes paramount for voters. “Voters must remain cautious of urgent requests from unofficial channels, such as password changes for their Singpass login, as cybercriminals are quick to exploit this to gain access to personal data and to deceive voters,“ advises Tan. He adds that they should also be sceptical towards suspicious file downloads and web links.

See Also: