A surge in cyber threat activity targeting the 2024 US Presidential election has been observed by security researchers.
Compiled by FortiGuard Labs, Fortinet's cybersecurity research division, the report outlines key threats, including phishing scams, malicious domain registrations and the sale of sensitive US data on darknet forums.
Phishing Attacks and Malicious Domain Registrations
Phishing attacks designed to deceive voters are a primary concern. Researchers discovered that threat actors are selling phishing kits which impersonate US presidential candidates and their campaigns for $1260.
These kits are used to collect personal information, including credit card details. Furthermore, over 1000 new domain names linked to the election have been registered since January 2024.
Many of these sites are designed to look like legitimate fundraising platforms, such as the fraudulent "secure[.]actsblues[.]com," mimicking the nonprofit ActBlue.
The darknet has also become a hotbed of election-related cyber activity. Billions of records, including Social Security numbers, email addresses and passwords, are being sold in these forums.
FortiGuard researchers found that approximately 3% of darknet posts involve databases related to US business and government entities, heightening concerns about potential identity theft and account takeovers.
A particularly alarming statistic is the availability of over 1.3 billion rows of usernames and passwords in "combo lists," used for credential-stuffing attacks.
"While it may be difficult to use these records to commit the kind of fraud or attacks that would directly modify the outcome of an election it's certainly a cheap and simple exercise to simply highlight the possibility of their use as a way to instill distrust in the democratic process, and to potential affect and manipulate voter turnout," warned Bugcrowd founder Casey Ellis.
Read more on cyber threats to the electoral process: NCSC Expands Election Cybersecurity to Safeguard Candidates and Officials
Ransomware Threats and Preventive Measures
Ransomware attacks have also seen a 28% rise in 2024 compared to the previous year, with a marked focus on US government agencies. These attacks could disrupt the election process and further damage public trust in the system.
To safeguard against these risks, Fortinet recommends several preventive measures:
- Enforcing multi-factor authentication (MFA)
- Installing endpoint protection
- Regularly updating software and systems
- Promoting cybersecurity training for employees and election officials
"Election officials and political campaigns need to be investing in AI-driven threat intelligence, conduct regular security assessments, and enforce strict access controls," added Sectigo CTO, Nick France.
"Fostering collaboration among government agencies and cybersecurity experts is essential for a coordinated response to emerging threats," he said.
As the election draws near, vigilance and proactive cybersecurity practices will be crucial in maintaining the integrity of the voting process.