Cyber-threat actors have intensified their focus on the 2024 US elections, with a surge of malicious activity expected to reach its peak over the next month. This wave of attacks aims to disrupt voters and interfere with the election process, demanding heightened vigilance from all stakeholders involved.
Since the beginning of the year, attackers have intensified election-related threats. Research from FortiGuard Labs Threat Research, released today, shows a rise in phishing kits being sold to target US voters and campaign donors; over 1,000 domains registered for malicious exploits related to elections; and increased ransomware attacks targeting government entities.
Derek Manky, the chief security strategist and vice president of global threat intelligence at Fortinet, observes that cyber-threat actors have historically heightened their malicious activities in the lead-up to elections. This election cycle, however, they intend to be particularly disruptive. As a result, it’s crucial for all stakeholders to be ready in the coming weeks to defend against these threats and safeguard election integrity.
He emphasizes the importance of recognizing and understanding cyber threats as the 2024 US presidential election approaches, highlighting their potential impact on both the integrity and trustworthiness of the electoral process, as well as citizen welfare.
In fact, independent studies have discovered that adversaries from Russia, China, and Iran have been employing cyber strategies to incite discord and sway election results instead of directly targeting voting machines or other electoral infrastructure. Researchers pointed out that these subtler tactics necessitate a different level of alertness from defenders.
Key Threats to Monitor
The latest research from FortiGuard Labs on election-related threats stems from an analysis conducted between January 2024 and August 2024, focusing on potential impacts to US-based entities and the electoral process. The researchers identified several key areas where threat activity has been increasing.
There has been a notable rise in the availability of cost-effective phishing kits on the Dark Web aimed at targeting voters and donors by mimicking presidential candidates and their campaigns. Researchers discovered that these kits, priced at $1,260 each, are designed to impersonate U.S. presidential candidates for collecting personal information such as names, addresses, and credit card details.
Alex Quilici, CEO of YouMail, points out that the current election cycle has seen a rise in highly convincing mobile scams as part of phishing activities. These scams utilize phone calls, voicemails, or messaging services that employ deepfake technology to spread misinformation and potentially influence voter outcomes.
He explains that AI is now capable of generating highly convincing voice impersonations, making it sound like a trusted figure, such as a candidate, who might urge you not to vote or spread false information. “This form of deception poses a significant threat by undermining public trust and disrupting the electoral process,” he warns.
According to researchers, attackers have registered over 1,000 new domains with potentially malicious intent since the start of 2024. These domains incorporate election-related content and candidate information to attract unsuspecting individuals and possibly engage in illicit activities. The two most common hosting providers for these election-themed sites are AMAZON-02 and CLOUDFLARENET, indicating that attackers are using well-known, reputable services to lend credibility to their harmful domains.
Researchers have pointed out that cyberattackers can also disrupt democratic processes and spread misinformation by using individuals’ personal information to target them directly. Fortinet discovered a significant amount of such data on the Dark Web, with over 1.3 billion rows of combo lists containing usernames, email addresses, and passwords of US citizens available for illicit purposes.
The accessibility of this data presents a significant threat for credential-stuffing attacks, enabling cybercriminals to gain unauthorized entry into individuals’ accounts. According to Casey Ellis, founder and chief strategy officer at Bugcrowd, the widespread availability of personal information regarding various election stakeholders could potentially disrupt the voting process indirectly.
He suggests that although using these records to commit fraud or directly alter an election outcome might be challenging, it is both inexpensive and straightforward to emphasize the potential misuse of such data as a means of undermining trust in the democratic process and potentially influencing voter turnout.
Researchers at FortiGuard Labs observed a 28% year-over-year rise in ransomware attacks targeting the US government, based on data from leak sites. This activity poses a risk to the election process by potentially eroding public trust in the government’s capability to safeguard citizens’ personal data.
Safeguard Fair Elections
To ensure the smooth operation of the US presidential election process for everyone wishing to participate, Fortinet provided several recommendations to prevent and address attacks leading up to election day. The researchers urged both individuals and organizations to remain vigilant for any suspicious behavior or activity as major election-related events approach and emphasized the importance of maintaining good cyber hygiene overall in order to minimize potential threats.
Organizations, particularly those involved in elections or government activities, should prioritize training employees and raising awareness about cyber threats targeting the election process. Implementing multifactor authentication and enforcing a strong password policy for both individual and organizational online accounts can also help safeguard against intrusions.
According to Fortinet’s recommendations, organizations involved in the election process should enhance their system security by installing endpoint protection solutions, patching operating systems and web servers, and regularly updating software.