Cyber threats to 2024 US election identified by Fortinet

Fortinet FortiGuard Labs has identified escalating cyber threats targeting the 2024 United States presidential election, with various cyber adversaries shifting focus to U.S.-based entities, voters, and the electoral process.

According to the FortiGuard Labs Threat Intelligence Report, cyber adversaries, including state-sponsored entities and hacktivist groups, are increasingly exploiting the electoral climate. Derek Manky, Chief Security Strategist and Vice President, Global Threat Intelligence, Fortinet, emphasised the importance of understanding these cyberthreats. "As the 2024 U.S. presidential election approaches, it's critical to recognise and understand the cyberthreats that may impact the integrity and trustworthiness of the election process and the welfare of the participating citizens. Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active leading up to major events like elections. Remaining vigilant and identifying and analysing potential cyberthreats and vulnerabilities is crucial for preparing and safeguarding against the lures and targeted cyberattacks that could take advantage of a heightened moment in time and even disrupt or influence electoral outcomes."

The report sheds light on a variety of threats, including phishing scams and malicious domain registrations specifically designed to target voters. One noteworthy observation is that threat actors are selling phishing kits on the darknet for USD $1,260 each. These kits impersonate U.S. presidential candidates, potentially harvesting personal details such as names, addresses, and credit card information, which is often linked to campaign donations.

In addition to phishing scams, FortiGuard Labs has tracked over 1,000 newly registered domains since January 2024 that bear resemblance to election-related content and political figures, further raising concerns about potential misuse to deceive unsuspecting individuals. These domains, crafted to attract election-related traffic, underline a significant risk associated with such high-stakes events.

Further findings from FortiGuard Labs indicate a concerning trend of sensitive data available for sale on darknet forums. Billions of records, including Social Security numbers (SSNs) and other personally identifiable information (PII), are reportedly on offer, with approximately 3% of these posts linked to business and government databases. Such information represents a considerable risk for misinformation campaigns, phishing scams, and identity theft.

The report also uncovers a 28% increase in ransomware attacks targeting U.S. government entities compared to the previous year. This spike highlights the heightened vulnerability of government operations during the lead-up to national elections, posing risks to the electoral process and public trust.

With malicious actors leveraging reputable hosting services like Amazon Web Services (AWS) and Cloudflare, and employing centralised management of IP addresses, the legitimacy and resilience of fraudulent domains have seemingly been enhanced, posing challenges for detection and mitigation.

The report advises vigilant cybersecurity measures to protect against these threats. Recommendations include enhancing employee training, enforcing multi-factor authentication, and maintaining updated software systems to prevent cyber incursions. These practices are aimed at fortifying protections against the tactics employed by cyber adversaries during this critical period.