Cyber-threat actors are intensifying their focus on the 2024 US elections, with a surge in malicious activities expected to peak in the coming month. Their goal is to disrupt voters and the election process, necessitating heightened vigilance from all stakeholders.
Research from FortiGuard Labs Threat Research indicates that attackers have ramped up election-related threat activity since the beginning of the year. This includes an increase in the sale of phishing kits targeting US voters and campaign donors, the registration of over 1,000 domains aimed at exploiting election-related content for malicious purposes, and a rise in ransomware activity targeting government entities.
Derek Manky, Chief Security Strategist and Vice President of Global Threat Intelligence at Fortinet, highlighted the historical precedent of increased malicious activity ahead of elections. However, the current election cycle is witnessing a particularly disruptive wave of cyber threats, underscoring the need for stakeholders to fortify their defenses against malicious actors in the upcoming weeks to safeguard election outcomes.
According to Manky, it is crucial to acknowledge and comprehend the cyber threats that could compromise the integrity and trustworthiness of the election process and the well-being of the citizens participating in it.
Recent research has identified adversaries from Russia, China, and Iran as leveraging cyber operations to incite discord and influence election results. Rather than direct attacks on voting machines or other infrastructure, these actors employ subtler tactics that demand a different level of vigilance from defenders, as per the researchers.
FortiGuard Labs’ latest election-threat research constitutes an analysis of threats gathered from January 2024 to August 2024 that may impact US-based entities and the electoral process. Several key areas of threat activity have been identified as on the rise.
A notable increase in the availability of affordable phishing kits on the Dark Web designed to target voters and donors has been observed. These kits impersonate presidential candidates and their campaigns, with some priced at $1,260 and geared towards harvesting personal information like names, addresses, and credit card details.
In addition to phishing, there has been a surge in highly convincing mobile scams that leverage deepfake technology to spread misinformation via phone calls, voicemails, or messaging services, potentially influencing voter outcomes, according to Alex Quilici, CEO at YouMail.
Beyond phishing and misinformation campaigns, cyber attackers have registered over 1,000 new potentially malicious domains in 2024 that exploit election-related content and candidates to deceive unsuspecting targets. These domains utilize reputable hosting providers like AMAZON-02 and CLOUDFLARENET to enhance their legitimacy and lure victims into nefarious activities.
Furthermore, the researchers have warned about the misuse of people’s personal information obtained from the Dark Web, with a plethora of combo lists containing usernames, email addresses, and passwords of US citizens for sale. This data presents a risk for credential-stuffing attacks, which can compromise individuals’ accounts and indirectly disrupt the voting process.
Ransomware attacks against the US government have also spiked by 28% year-over-year, posing a threat to the election process by eroding citizens’ trust in the government’s ability to safeguard their personal data.
To safeguard the integrity of the US presidential election, Fortinet has provided recommendations to prevent and mitigate attacks leading up to election day. These include remaining vigilant for suspicious behavior, prioritizing cybersecurity hygiene practices, conducting employee training, enforcing multifactor authentication, implementing strong password policies, and maintaining up-to-date endpoint protection solutions.
By following these guidelines and staying proactive against cyber threats, stakeholders can bolster the resilience of the election process and mitigate the impact of malicious actors seeking to disrupt democracy.