Report Examines Cyber Challenges Ahead of U.S. General Election

Today, October 15, Fortinet's FortiGuard Labs has released a threat intelligence report revealing the current threats tied to U.S.-based entities, voters, and the electoral process ahead of the November 5 election. The research observes new phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other alarming threat activity.

In the report, FortiGuard Labs Threat Research provides an in-depth analysis of threats gathered from January 2024 to August 2024 that may affect U.S.-based entities and the electoral process. It also examines the diverse array of challenges posed by cyber threats, assesses their impact on the present U.S. elections, and provides guidance on how to protect critical environments and systems.

"As the 2024 U.S. presidential election approaches, it's critical to recognize and understand the cyber threats that may impact the integrity and trustworthiness of the election process and the welfare of the participating citizens," said Derek Manky, Chief Security Strategist and VP of Global Threat Intelligence at Fortinet. "Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active leading up to major events like elections. Remaining vigilant and identifying and analyzing potential cyber threats and vulnerabilities is crucial for preparing and safeguarding against the lures and targeted cyberattacks that could take advantage of a heightened moment in time and even disrupt or influence electoral outcomes.”

Some of the key findings of the report include:

• Phishing scams: Threat actors are selling affordable phishing kits on the darknet, impersonating the presidential candidates and their campaigns.
• Proliferated ransomware activity targeted towards government agencies: FortiGuard Labs researchers observed a 28% increase in ransomware attacks against the U.S. government year-over-year.
• Increase in malicious domain registrations: More than 1,000 new potentially malicious domains have been registered since the beginning of 2024 which incorporate election-related content and candidates.

According to the report's executive summary:

"The United States election process is a fundamental pillar of its democracy, involving a vast network of federal and state agencies, political parties, candidates, and, most importantly, the voting public. As elections approach, it's imperative to recognize and understand the array of cyber threats that could impact the integrity and trustworthiness of this critical process.

 "Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active in the lead-up to elections. For US-specific
threats, the dark web has become a hub for malicious actors to trade sensitive information and develop strategies to exploit vulnerabilities.
Hacktivist groups are also mobilizing, aiming to disrupt proceedings or sway public opinion through coordinated cyber campaigns.

"However, one of the biggest threats is state-sponsored entities that employ sophisticated tactics to infiltrate systems, steal data, and
disseminate misinformation. Their activities can undermine confidence in the electoral process and potentially alter outcomes. Malicious actors are also utilizing artificial intelligence to create and automate the spread of disinformation and misinformation, thereby shaping public opinion in unintended ways. Commonly exploited vulnerabilities, such as outdated software and inadequate security protocols, make systems more susceptible to attacks.

"Election infrastructure, government agencies engaged in electoral processes, political campaigns, media organizations, and technology
providers could all be at risk during this time. These and similar entities must prioritize cybersecurity measures to protect against potential breaches and ensure the integrity of the electoral process. This report provides a comprehensive overview of the potential cyber threat landscape and critical vulnerabilities that could impact the election process. This analysis is crucial for preparing and safeguarding against cyberattacks that could disrupt or influence election outcomes."

Some other insights from the report:

• With the U.S. election approaching, the surge in political engagement and donations provides a fertile ground for cybercriminals. As seen in past elections, particularly the 2020 race, where contributions reached unprecedented levels, the influx of funds makes campaigns attractive targets for malicious actors. The increase in financial activity around elections creates numerous opportunities for exploitation, especially by those seeking to take advantage of heightened public interest and large-scale political donations.
• Additionally, cybercriminals across darknet forums are viewing the upcoming election as a prime opportunity for quick profits. In one recent post, we observed an interesting project featuring phishing pages designed to impersonate political leaders Donald Trump and Kamala Harris. The TA is offering two separate phishing kits for $1,260 each—one targeting Donald Trump supporters and the other targeting Kamala Harris supporters. These kits are designed to harvest personal information, including names, addresses, and credit card (donation) details.
• Approximately 40% of the posts on darknet involve combo lists (usernames/email addresses and passwords). These combo lists can be used for large-scale credential stuffing and unauthorized access, potentially compromising voter data, election systems, and sensitive
  information. More than 1.3 billion rows of combo lists are currently being advertised across different Darknet forums.
• Credit card and banking data, constituting about 21% of the posts with 300k rows, pose significant risks of financial fraud and phishing,
  targeting users in the U.S. These actions could lead to campaign disruptions, undermining voter outreach, destabilizing financial support for candidates, or enabling fraudulent campaign funding.
• User databases, such as those for doctors, musicians, and investors, make up roughly 19% of the posts, with over 2 billion rows. These
  databases can facilitate identity theft and targeted phishing, risking the security of those involved in elections and eroding public trust.
  Social Security Number (SSN) databases, about 10% of the posts, increase the risk of data breaches and cyberattacks, with one instance advertising an SSN database with over 19 gigabytes (about 80 million rows) of data.

"As expected, the run-up into the 2024 Presidential Election is providing a predictably unstable information environment. This in turn creates a wide variety of options and opportunities for cyber-borne threats actors of all types and all motivations, and this report serves as a useful reminder that this will continue to escalate until, and beyond, election day itself," said Casey Ellis, Founder and Chief Strategy Officer at Bugcrowd. "Of particular note is the volume of records available on the dark web in 2024. While it may be difficult to use these records to commit the kind of fraud or attacks that would directly modify the outcome of an election, it's certainly a cheap and simple exercise to simply highlight the possibility of their use as a way to instill distrust in the democratic process, and to potential affect and manipulate voter turnout."

"Primary security concerns around the 2024 Presidential Election include AI-driven misinformation dissemination, hacking of voter databases, and tampering with voting machines. Preparation requires robust cybersecurity protocols, staff training, and deploying AI-driven detection systems," said Nick France, Chief Technology Officer at Sectigo. "AI-powered deepfakes and automated trolling pose significant risks, fueling misinformation, damaging reputations, and undermining trust. Combating this threat necessitates developing AI-driven detection tools and promoting media literacy among the populace."

"Threat actors exploit AI for sophisticated cyberattacks on election infrastructure, often through AI-generated malware and automated phishing," France continued. "Defensive measures require AI-powered threat detection, network monitoring, and regular security audits. Specific election security risks could include impersonating leaders, fabricating content, swaying public opinion, and eroding trust in democratic processes. Detecting and combating such disinformation demands AI-driven content analysis, collaboration with social media platforms, and public awareness campaigns."