Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the U.S. election approaches #Vertiv
Derek Manky, Chief Security Strategist and VP of Global Threat Intelligence at Fortinet
“As the 2024 U.S. presidential election approaches, it’s
critical to recognize and understand the cyberthreats that may impact
the integrity and trustworthiness of the election process and the
welfare of the participating citizens. Cyber adversaries,
including state-sponsored actors and hacktivist groups, are
increasingly active leading up to major events like elections. Remaining
vigilant and identifying and analyzing potential cyberthreats and
vulnerabilities is crucial for preparing and safeguarding
against the lures and targeted cyberattacks that could take advantage
of a heightened moment in time and even disrupt or influence electoral
outcomes.”
News Summary
Fortinet® (NASDAQ:
FTNT), the global cybersecurity leader driving the convergence of
networking and security, today released its FortiGuard Labs Threat
Intelligence Report:
Threat
Actors Targeting the 2024 U.S. Presidential Election,
which reveals and analyzes threats tied to U.S.-based entities, voters,
and the electoral process. Key findings from the threat intelligence
report
include:
- Phishing Scams Targeting Voters Leading Up to the 2024 U.S. Presidential Election: Threat actors are selling affordable phishing kits on the darknet designed to target voters and donors by impersonating the presidential candidates and their campaigns.
- Malicious Domain Registrations on the Rise: More than 1,000 new potentially malicious domains have also been registered since the beginning of 2024 that follow particular patterns and incorporate election-related content and candidates, suggesting that threat actors are leveraging the heightened interest surrounding the election to lure unsuspecting targets and potentially conduct malicious activities.
- Darknet Landscape: Billions of records from the U.S. are for sale on darknet forums, including Social Security numbers (SSNs), personally identifiable information (PII), and credentials that could be used in misinformation campaigns and lead to fraudulent activity, phishing scams, and account takeover; approximately 3% of the posts on darknet forums involve databases related to business and government entities.
- Ransomware Landscape: FortiGuard Labs researchers noted a 28% increase in ransomware attacks against the U.S. government year-over-year based on observed leak sites.
Scams Targeting the U.S. 2024 Presidential Election Flood the Darknet
Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active in the lead-up to elections.
The FortiGuard Labs research team observed threat actors selling
distinct phishing kits for $1,260 each, created to impersonate U.S.
presidential candidates. These kits are designed to harvest personal
information, including names, addresses, and credit
card (donation) details.
Since January 2024, FortiGuard Labs researchers have also identified
more than 1,000 newly registered domain names that incorporate
election-related terms and references to prominent political figures.
Fraudulent fundraising websites, including secure[.]actsblues[.]com,
meant to imitate the legitimate site for ActBlue
(secure[.]actblue[.]com), a nonprofit American fundraising platform and
political action committee.
The top two most-used hosting providers for these election-themed
websites are AMAZON-02 and CLOUDFLARENET. The reliance on major hosting
platforms such as Amazon Web Services (AWS) and Cloudflare suggests that
threat actors are leveraging these reputable
services to enhance the legitimacy and resilience of their malicious
domains.
A notable concentration of domains is associated with a limited
number of IP addresses, indicating a centralized approach by threat
actors to efficiently manage multiple malicious domains to execute
large-scale cyber campaigns.
No Shortage of Personal Data Being Sold Aimed at the U.S.
FortiGuard Labs analysis continues to show a significant number of
diverse databases available on darknet forums targeting the U.S.,
including SSNs, usernames, email addresses, passwords, credit card data,
date of birth, and other PII that could be used
to challenge the integrity of the 2024 U.S. election. Specific
highlights include:
- Over 1.3 billion rows of combo lists, which include usernames, email addresses, and passwords, signify a considerable risk for credential-stuffing attacks. In such attacks, cybercriminals use these stolen credentials to gain unauthorized access to accounts, making it a valid and substantial security concern.
- The discovery of 300,000 rows of credit card data, which include CVV, name, card number, expiration date, and date of birth, highlights potential financial fraud risks targeting voters and election officials.
- Over 2 billion rows of user databases on the darknet indicate a heightened exposure to identity theft and targeted phishing attacks.
- 10% of the posts on darknet forums are associated with SSN databases, which poses a significant threat by increasing the risk of personal data breaches.
The U.S. Government Is an Increasingly Attractive Target
Ransomware attacks targeting government agencies before an election
can impact the electoral process and public trust in government
institutions. Compared to 2023, the FortiGuard Labs research team
observed a 28% spike in ransomware attacks against the U.S.
government in 2024.
The darknet has become a hub for U.S.-specific threats, where
malicious actors trade sensitive information and can potentially develop
strategies to exploit vulnerabilities. Approximately 3% of the posts on
these forums involve databases related to business
and government entities. These databases hold critical organizational
data that is vulnerable to cyber exploits and are a prime target for
threat actors as the elections come and go.
Recommendations to Prevent and Mitigate Cyberattacks this Election Season
Cybersecurity measures are critical to safeguard the integrity of the
U.S. 2024 presidential election. Following fundamental best practices
can help prevent and mitigate the effects of cyber incidents. The full
list of recommendations and best practices
can be found in the report, but some key takeaways for citizens,
business leaders, and election officials include:
- Always remain vigilant for suspicious behavior or activity leading up to major events and prioritize good cyber hygiene.
- Prioritize employee training and awareness.
- Enforce multi-factor authentication and a strong-password policy.
- Install endpoint protection solutions.
- Patch operating systems and web servers and update software regularly.
About the Fortinet FortiGuard Labs Election Security Report
- This report provides an in-depth analysis of threats observed from January 2024 to August 2024. It examines the diverse array of cyberthreats that may affect U.S.-based entities and the electoral process.
Additional Resources
- Read the full FortiGuard Labs Threat Intelligence Report: Threat Actors Targeting 2024 U.S. Presidential Election.
- Learn about FortiRecon and generating reports like this for your organization.
- Learn about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
- Learn about Fortinet's commitment to product security and integrity, including its responsible product development, vulnerability disclosure approach, and policies.
- Follow Fortinet on X, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
Tags
Vertiv