Election Day is Close, the Threat of Cyber Disruption is Real

Cybercriminals, hacktivists and nation-state actors have all been active in 2024 either threatening to disrupt or simply taking advantage of the US election.

Fortinet’s Threat Report 2024 is described as a deep dive into cyber threats surrounding the US election. The report discusses the overall threat landscape and highlights adversarial activity that has been influenced by, and intends to influence, this year’s election day. 

“As elections approach, it’s imperative to recognize and understand the array of cyber threats that could impact the integrity and trustworthiness of this critical [democratic] process,” says the report.

The threats, as always, are delivered from three primary sources: financially motivated criminals, partisan hacktivists, and politically motivated elite nation-state actors. While the entire spectrum of cyber weaponry could be used, Fortinet’s researchers highlight three election-related areas that have been and are being used by adversaries already this year.

Cyber criminals. Criminals are motivated more by financial gain than by politics, and the elections have provided a rich source of social engineering lures. Since January, Fortinet has identified more than 1,000 election-themed domain registrations that comprise words like ‘vote…’, ‘vote4…’ and various combinations of the candidates’ names. These domains are almost certainly intended to facilitate phishing, but they could also be used for disinformation.

There are also a number of more directly fraud-related domains linked to party political fundraising. One example is the domain secure[.]actsblues[.]com, which imitates the legitimate nonprofit fundraising platform secure[.]actblue[.]com. People visit such sites intending to give money, so they are already prepared to hand over credit card details. This year, for the first time in presidential elections, phishing and fraud scams have been polished by artificial intelligence and supported by deepfake imagery and voice, making them increasingly difficult to recognize.
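The lookalike pattern described above (an extra letter or two in a fundraising domain, or an election keyword in a new registration) can be screened for mechanically. The following is an added example, not code from Fortinet’s report or the original article; it assumes the last two labels of a hostname form the registrable domain, and the `.example` hostnames are constructed sample input.

```python
PROTECTED = {"actblue.com"}   # legitimate domain named in the article
KEYWORDS = ("vote",)          # lure word cited in the article; also matches 'vote4...'

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as secure[.]actblue[.]com into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def registrable(host: str) -> str:
    """Assumption: the last two labels are the registrable domain (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(indicator: str, max_distance: int = 2):
    """Return (verdict, detail) for one newly observed domain."""
    base = registrable(refang(indicator))
    if base in PROTECTED:
        return ("legitimate", base)
    for good in PROTECTED:
        # A small non-zero distance means "almost the real name": a likely imitation.
        if edit_distance(base, good) <= max_distance:
            return ("lookalike", good)
    name = base.split(".")[0]
    for word in KEYWORDS:
        if word in name:
            return ("election-keyword", word)  # queue for analyst review, not a verdict
    return ("unflagged", base)

if __name__ == "__main__":
    samples = [
        "secure[.]actsblues[.]com",   # from the article
        "secure[.]actblue[.]com",     # from the article (legitimate)
        "vote4-placeholder.example",  # constructed
        "weather.example",            # constructed
    ]
    for s in samples:
        print(s, classify(s))
```

A keyword hit only means the registration is worth reviewing; the edit-distance match against a protected name is the stronger signal.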

Hacktivists. Hacktivists occupy an area somewhere between criminals and state actors – they’re in it for the politics rather than the money, but are not necessarily state sponsored operators. Most groups are Russian or Iranian. They are always disruptive (DDoS and defacement attacks), and sometimes, like CARR (the Cyber Army of Russia Reborn, which does have links to state actors) and Killnet, are also destructive. Attacks against US infrastructure are not uncommon, with Garnesia Team, From Lammer to Martha, and Z Blacx H4t being the most active.

Nation state actors. The most serious adversarial cyber threat to the US elections comes from the elite nation state (APT) threat groups. Fortinet has seen 23 different state-sponsored groups targeting the US during 2024, with China, Russia and Iran leading the activity. “We anticipate increased cyber espionage activities from China, Russia, Iran, and North Korean threat actors aimed at disrupting or manipulating the US electoral process and political landscape,” warns Fortinet.

The most visible threat from state actors over the year has been the attempt to undermine confidence in the US electoral process (and potentially alter outcomes) through misinformation campaigns supported by artificial intelligence. Several such campaigns have been detected and blocked. It is worth noting that with just weeks to go before Election Day, the actual threat from disinformation is now lessening. The strongly partisan nature of the US electorate likely means that disinformation will confirm existing views rather than change them. The Independents, however, are another matter – they could still be swayed. And it is highly likely that state actors have already stolen enough information to know who they are.

Casey Ellis, founder and chief strategy officer at Bugcrowd, comments, “Of particular note is the volume of records available on the dark web in 2024,” highlighted by the report. “While it may be difficult to use these records to commit the kind of fraud or attacks that would directly modify the outcome of an election, it’s certainly a cheap and simple exercise to highlight the possibility of their use as a way to instill distrust in the democratic process, and to potentially affect and manipulate voter turnout.”

As recently as mid-September, the ODNI warned, “Foreign actors, especially Russia, are also… using AI to enhance rather than generate content. For example, the IC assesses Russian influence actors were responsible for staging a video in which a woman claims she was the victim of a hit-and-run car accident by the Vice President and altering videos of the Vice President’s speeches.”

Alex Quilici, CEO at YouMail, told SecurityWeek, “The rise of AI and deepfake technology has taken these threats to a new level. We’re not just dealing with generic robocalls anymore. AI can now create highly convincing voice attacks that make it sound like a trusted figure, such as a candidate, urging you not to vote or spreading false information. This kind of deception can seriously undermine public trust and disrupt the electoral process.”

This close to Election Day, however, it is likely that adversarial intentions may shift from misinformation to actual disruption of the election process. The report notes, for example, the potential use of ransomware to “disrupt critical government functions related to the electoral process, such as voter registration databases, election management systems, or communication channels used by election officials. This could lead to delays in voter registration, voting process disruptions, and results.”

Derek Manky, global VP of threat intelligence at Fortinet’s FortiGuard Labs, expanded on this. He told SecurityWeek, “There is always a chance that something can be done to disrupt the election cycle, however, this must be done at a mass scale, such as attacking the electrical grid, performing a fiber cut on internet infrastructure at the deep-sea level, performing a DDoS attack on major news and social media websites etc. With that said, these attempts will just be a major distraction, as the voting process and voting machines in the United States are not internet connected.”

Undermining public confidence in the electoral process is a threat to US democracy itself. This is especially relevant to US geopolitical enemies given the increasing East / West tensions emanating from the war in Ukraine. What is clear from Fortinet’s analysis is that the potential for disruption to November’s Election Day is severe, and the threat is real.
