Read more about cyber-threats to the 2024 US elections:
- Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections
- Foreign Actors Targeted 2022 US Elections, Intelligence Community Reveals
- Election Protection is CISA's Top Priority
With a record number of elections this year, the world will face unprecedented cyber threats aimed at sowing discord and manipulating democratic processes.
Nation-states like Russia have a history of such interference, as seen in US elections, and are expected to continue these tactics in 2024.
As recently as December 2023, information published by the UK’s National Cyber Security Centre (NCSC) confirmed that Russian Intelligence Services have been engaging in a sustained cyber campaign aimed at interfering in UK politics and democratic processes.
From the US presidential race to European and Indian polls, the world must brace itself for a year of unprecedented cyber threats to its electoral systems.
Russia Set to Continue to Disrupt Democratic Efforts
Russian-backed operatives were at the center of investigations into interference in the 2016 US presidential election, which brough cybercriminal activity around the democratic process into the spotlight.
Recently, US intelligence agencies confirmed that it detected evidence of foreign interference during the 2022 US federal elections. Russia, China and Iran were among the estimated countries of origins for these operations.
“America’s main adversaries each have incentive to destabilize Western democracy.”Tony Adams, Secureworks Counter Threat Unit.
Meanwhile, during the 2022 US midterm elections, Mandiant observed an increase in DDoS attacks deployed by pro-Russian “hacktivist” groups. These groups wanted to shape public perception that Russia could and did influence the elections.
Such activity is ongoing in both the US and Europe, especially since the Russian invasion of Ukraine.
However, Jamie Collier, principal threat intelligence advisor (EMEA) at Google Cloud’s Mandiant, cautioned focusing exclusively on the threat from Russia-backed actors.
“Belarus-nexus threat actors have become increasingly active in recent years and have provided technical support for information operations in Eastern Europe. Similarly, pro-Chinese and pro-Iranian information operations have also increased in terms of scale and scope of campaigns in the region,” he told Infosecurity.
Tony Adams, senior threat researcher at the Secureworks Counter Threat Unit, said, “America’s main adversaries each have incentive to destabilize Western democracy, and none would pass on the chance to exploit even the smallest weaknesses in election systems if it caused voters to doubt the legitimacy of their vote or the election result.”
What Will Election Interference Look Like?
Cyber threat actors have a myriad of techniques and tactics at their disposal. Security analysts suggested some of the methods that may be used to tamper or interfere with election activity.
Adams said the most likely scenario in impacting elections would involve a cyber-attacks that support a larger influence operation aimed at eroding trust in the integrity of our election processes and the outcome of the 2024 US federal elections.
He noted that the following tactics could “further a false narrative that democracy is fragile”:
- Denial of service attack against an election reporting system
- Leak of voter registration databases
- A false flag ransomware attack against a local or state government elections entity
Sharon Wagner, CEO of Cybersixgill, also noted that cybercriminals will offer their skills and expertise for hire in order to carry out such attacks. He also told Infosecurity that affiliate programs will continue to grow and ransomware gangs will franchise their technology.
Steve Cobb, CISO of SecurityScorecard, highlighted that the tactics will greatly depends on the motivation of the threat actors.
If cybercriminals’ motivation is financial, they will use traditional phishing and smishing campaigns to access and steal the data they need to siphon funds from the average citizen or political campaign.
However, if they are strictly looking at disrupting the democratic process, then you will see threat actors sow discord via social media utilizing bots and open source intelligence (OSINT), Cobb noted.
To do this, they will identify key influencers and intercept and interrupt their followers and create false narratives that will heighten tensions and cause the political bases to become more divided.
Cobb also said threat actors will also look for ways to compromise the communication systems of political campaigns to exfiltrate and leak negative information.
Experts Debate the Role of Deepfakes and Generative AI
As generative AI tools have taken the world by storm one of the biggest concerns is the ability to create convincing deepfakes.
In a study by University College London, researchers found that humans failed to detect deepfake speech in 27% of samples presented to them.
Alex Heid, vice president of threat intelligence at SecurityScorecard, believes that nation-state threat actors will exploit the power of deepfakes and AI voice impersonations to conduct widespread social engineering attacks leading up to the 2024 US presidential elections.
“In the lead-up to the 2024 US presidential elections, a new era of misinformation will increase public distrust,” he said. “Prepare for a battle against deceptive manipulation like never before.”
However, Secureworks’ Adams said that the challenge for those using generative AI to create content for information operations is building a compelling and viral narrative that alters or reinforces the behavior or beliefs of a voter.
“Influence operations should be expected but generative AI will unlikely be a game changer in the upcoming 2024 elections,” he commented.
“Fears around emerging AI threats must be balanced alongside existing cyber threats.”Jamie Collier, Mandiant
Meanwhile, Collier called for a calm and grounded approach to AI.
“There is a clear temptation for security leaders to press the panic button when it comes to AI threats. However, fears around emerging AI threats must be balanced alongside existing cyber threats as well as a continued focus on security fundamentals,” he said.
Collier also pointed to the fact that defenders will also be using AI technology to counter threat actors’ advances.
How Can Governments Protect Against Cyber-Threats?
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has said that the protection of the upcoming elections is a top priority. It has already deployed cybersecurity advisors across the country to support the effort.
Mandiant’s Collier said: “The most vital thing is for governments to understand the various links between information operations and network intrusions.”
By understanding the techniques used by threat actors and their motivations, governments will be able to build more proactive and resilient defenses.
Cobb added that non-political cybersecurity experts should be leveraged by governments to advise and provide guidance on specific monitoring and controls to implement to keep the election safe, secure, and accurate.
Finally, Adams highlighted the importance of promptly patching interfacing systems and ensuring staff can recognize and handle suspicious emails.
“Election officials and administrators should work with their election management vendors and service providers to confirm that security best practices are being followed,” he said.