Fortinet: Hackers Zero In on Presidential Election

Potential outcomes of this cybercrime remain unknown at this time.

Edward Gately, Senior News Editor

October 15, 2024


Cybercriminals are actively targeting the upcoming U.S. presidential election, according to Fortinet’s FortiGuard Labs Threat Intelligence Report.

The FortiGuard Labs report analyzes threats tied to U.S.-based entities, voters and the electoral process, covering activity observed from January through August. Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active in the lead-up to elections.

For U.S.-specific threats, the dark web has become a hub for malicious actors to trade sensitive information and develop strategies to exploit vulnerabilities. Hacktivist groups are also mobilizing, aiming to disrupt proceedings or sway public opinion through coordinated cyber campaigns.

Key findings from the threat intelligence report include:

  • Threat actors are selling affordable phishing kits on the darknet that they've designed to target voters and donors by impersonating the presidential candidates and their campaigns.

  • More than 1,000 new potentially malicious domains have also been registered since the beginning of 2024 that follow particular patterns and incorporate election-related content and candidates, suggesting that threat actors are leveraging the heightened interest surrounding the election to lure unsuspecting targets and potentially conduct malicious activities.

  • Billions of records from the United States are for sale on darknet forums, including Social Security numbers, personally identifiable information (PII) and credentials that could be used in misinformation campaigns and lead to fraudulent activity, phishing scams and account takeovers. About 3% of the posts on darknet forums involve databases related to business and government entities.

  • FortiGuard Labs researchers noted a 28% increase in ransomware attacks against the U.S. government year-over-year based on observed leak sites. Ransomware attacks targeting government agencies before an election can impact the electoral process and public trust in government institutions.


Preying On a Large Population Focused On the Presidential Election

Derek Manky, global vice president of threat intelligence with Fortinet’s FortiGuard Labs, said the big takeaway from this research is that threat actors don’t always need to reinvent the wheel to accomplish their goals.


“What we see in this report are not highly sophisticated tactics, but they are highly effective and potentially lucrative,” he said. “This is the case of threat actors taking the path of least resistance and preying on a large population that has all eyes on the election and its key political figures.”


The noise and passion surrounding the election, or any major event, makes it much easier to fall victim to an increased volume of phishing activity or believable websites, and at that point the outcome is completely up to the threat actor, Manky said.

“Whether the attacker’s goal is financially motivated, spreading misinformation or disinformation, or using this as a stepping stone for future attacks, it’s incredibly important for anyone following the election to stay vigilant for scams and exercise proper cybersecurity hygiene during these times,” he said.

Cybercrime Groups with Varying Goals

As far as who’s behind the threats, it is a culmination of many threat actors, both cybercrime focused and nation-state, Manky said.

“Unfortunately, all these groups have various goals, with nation-states more focused on disrupting democracy and economic interests, and possibly swaying votes towards a president that would favor their interests more,” he said. “Cybercrime groups are primarily focused on making as much money as they can through various means.”

Potential outcomes of this cybercrime remain unknown at this time, Manky said.

“At the very least, elections in the United States are not connected to the internet and rely on conventional offline-voting means,” he said. “We can only surmise that deep fakes and various misinformation created by AI can persuade and sway voters' mindsets, but there is no way to quantify or qualify this.”


There’s always a chance to grow and use situations like this to improve, Manky said.

“Cybersecurity industry organizations and governments can continue to come together at a global level and provide research such as this, and provide various public service announcements designed to alert voters of potential scams and AI-generated content that is becoming increasingly more convincing,” he said.

AI-Powered Deep Fakes, Automated Trolling Significant Risks

Nick France, Sectigo’s CTO, said primary security concerns around the 2024 presidential election include AI-driven misinformation dissemination, hacking of voter databases and tampering with voting machines.

“Preparation requires robust cybersecurity protocols, staff training and deploying AI-driven detection systems,” he said. “AI-powered deep fakes and automated trolling pose significant risks, fueling misinformation, damaging reputations and undermining trust. Combating this threat necessitates developing AI-driven detection tools and promoting media literacy among the populace. Election officials and political campaigns need to be investing in AI-driven threat intelligence, conduct regular security assessments and enforce strict access controls. Fostering collaboration among government agencies and cybersecurity experts is essential for a coordinated response to emerging threats.”

Casey Ellis, Bugcrowd’s founder and chief strategy officer, said that, as expected, the run-up to the 2024 Presidential Election is providing a predictably unstable information environment. This in turn creates a wide variety of options and opportunities for cyber-borne threat actors of all types and all motivations, and “this report serves as a useful reminder that this will continue to escalate until, and beyond, Election Day itself.”


“Of particular note is the volume of records available on the dark web in 2024,” he said. “While it may be difficult to use these records to commit the kind of fraud or attacks that would directly modify the outcome of an election, it’s certainly a cheap and simple exercise to simply highlight the possibility of their use as a way to instill distrust in the democratic process, and to potentially affect and manipulate voter turnout.”

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
