"Over Half of US County Websites Could Be Spoofed"

Security researchers at Comparitech have sounded another US election warning after claiming that the majority of US county websites could be copied to spread disinformation and steal info.  The researchers analyzed the websites and official contact email addresses for 3144 US counties to compile its report. The researchers found that 57% of county websites are registered with non-.gov domains, meaning they could easily be spoofed with malign intent. Additionally, over half (55%) of counties in the seven swing states have non-.gov registered domains.  The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have already released an alert warning that foreign threat actors may use fake lookalike sites to spread disinformation. The researchers also claimed that 85 websites were found to be lacking an SSL certificate. SSL certificates help to authenticate the owner of the website and encrypt the connection.  Also the researchers found that 41% of voting contact emails displayed on US county websites lack the DMARC email authentication protocol, meaning they’re also exposed to phishing attempts. Some 39% of email addresses listed on county election websites in swing states don’t have DMARC authentication.  The researchers said that many US counties should improve the security and authentication of their websites and emails. 

Infosecurity Magazine reports: "Over Half of US County Websites Could Be Spoofed"