The Electoral Commission, the UK government body in charge of overseeing elections, has been slammed by over 1.5 million email attacks in the lead up to the recent UK general election.
The findings were revealed under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the cyber threats posing the electoral body ahead of the July 4th general election.
The news comes days after the ICO reprimanded the Electoral Commission for leaving its systems “exposed and vulnerable to hackers,” following a breach in August 2021 that was not identified until October 2022. The hackers had access to personal information such as names and home addresses for up to 40 million voters.
In total, the Electoral Commission blocked 1,510,463 attacks between 2021 and 2023 ranging from Microsoft Edge Block to spam, phishing and malware threats.
Cybersecurity expert Andy Ward, VP International for Absolute Security, said: “Year after year we see spikes in seasonal cyber threats at Christmas, Valentine’s and other holidays, and the lead-up to the general election was no different. It was the prime opportunity for cybercriminals to target unsuspecting voters and tamper with the results, and fortunately, the Electoral Commission was able to block millions of attacks.”
“What’s concerning, however, is the number of attacks that didn’t get blocked, stealing voter’s IDs, personal details and sensitive data. Everyone can be the target of a cyber-attack, so the UK needs a robust cyber resilience strategy to ward off bad actors and ensure the protection of departments, businesses and civilians across the country.”
Leading up to the election, 81 per cent of the blocked attacks occurred in 2023, compared to 15 per cent in 2022 and 4 per cent in 2021.
Edge Block accounted for the majority of attacks, followed by spam emails, malware then phishing.
Amid fears of AI deepfakes and election tampering, the UK Parliament issued a warning ahead of the election outlining the potential threats that voters and electoral bodies may face. The warning outlined China and Russia as the greatest state-backed cyber threats to the UK and that Iran and North Korea also had ‘notable cyber capabilities.’
Stuart Munton, Chief for Group Delivery at AND Digital, said: “During periods of heightened threat, it is vital that organisations take a technology AND people approach to protecting themselves. Adopting bespoke cyber security technology can act as the first layer of protection to identify and block attacks, but that must be combined with upskilling to ensure staff can detect and report threats when they do occur. Building capability through digital skills enables organisations to better defend against malicious actors and, in this case, protect the integrity of the UK voting system.”
Libero Raspa, Director at adesso UK, commented: “It's no surprise that the department is bombarded by cyber-attacks, given that they hold the personal details of the entire nation's voters. These details can be sold, used to infiltrate passwords and personal accounts, and utilised in identity fraud attacks. This serves as a timely reminder for any organisation to continuously evaluate their security infrastructure and ensure that security and compliance are central to all digital transformation projects and IT services. The benefits of preventing these problems outweigh the costs of cleaning up after an attack. These costs won't just be financial; they will also have long-lasting effects on productivity and reputation.”
The news follows increased security concerns in Westminster with the 335 new MPs being given panic alarms as part of their welcome packs. The alarms can notify the police’s rapid response unit with GPS trackers to come to the aid of threatened MPs.
The recent attack against former US President Donald Trump has added to fears surrounding national security.