
2024 US Election Cyber Threats: APT Exploitation of Electoral Systems and Mitigation Strategies

Executive Summary

As the 2024 US presidential election looms, the cybersecurity landscape is fraught with potential threats from nation-state actors and cybercriminals. This report, derived from the ReliaQuest blog, delves into the primary cyber threats linked to the election, including nation-state threats, hack-and-leak operations, disinformation campaigns, and cybercriminal activities. We also assess the potential impacts on enterprises and propose specific mitigation strategies to safeguard against these threats.

Technical Information

The 2024 US election is a prime target for nation-state actors such as APT28 (Russia), APT41 (China), APT33 (Iran), and the Lazarus Group (North Korea). These groups are anticipated to employ a variety of tactics, including hack-and-leak operations, disinformation campaigns, and attacks on critical electoral infrastructure.

Hack-and-leak operations involve unauthorized access to sensitive information, which is then leaked to manipulate voter perceptions. A notable instance is the US government's attribution of a hack-and-leak operation targeting Donald Trump's campaign to Iran.

Disinformation and cyber influence operations are also expected, with APT groups using fake social media profiles, bot networks, and troll farms to disseminate false information. The US government has recently seized domains used by Russia to influence the election through fake news websites.

Cyber attacks on critical electoral infrastructure are a further concern. APT groups may target voter registration systems and deploy ransomware to disrupt the voting process. Distributed Denial of Service (DDoS) attacks could be used to overwhelm election websites, and the resulting outages could then be exploited to spread false narratives about election integrity.

Cybercriminals are poised to exploit the election period for financial gain through phishing attacks, SEO poisoning, and typosquatting domains. Election-themed phishing attacks use emails crafted to appear to come from legitimate political campaigns or election authorities; the SocGholish campaign exemplifies how attackers use election-themed lures to deploy malware. In SEO poisoning, cybercriminals optimize malicious websites so that they rank highly in search engine results for election-related queries, leading visitors to drive-by downloads of malware. The 2018 US midterm election saw similar tactics, with over 10,000 websites hacked to promote malicious content. Typosquatting involves registering domains with slight misspellings of legitimate election-related websites to lure users onto fraudulent sites; such sites may host cryptocurrency scams, as seen with domains impersonating the Donald Trump and Kamala Harris campaign websites.

The impact on enterprises, particularly those with government ties or politically sensitive roles, is significant. Hack-and-leak operations can result in reputational damage, while disinformation campaigns can erode public trust. Phishing attacks may lead to unauthorized access to corporate networks, and SEO poisoning can result in malware infections.

Exploitation in the Wild

Specific instances of exploitation include the SocGholish phishing campaign, which uses election-themed topics to deploy malware. Additionally, over 10,000 websites were hacked during the 2018 US midterm election to promote malicious content through SEO poisoning. Typosquatting domains have been used to impersonate campaign websites, hosting cryptocurrency scams.

APT Groups using this vulnerability

The APT groups expected to exploit these vulnerabilities include APT28 (Russia), APT41 (China), APT33 (Iran), and the Lazarus Group (North Korea). These groups have a history of targeting electoral processes and are likely to employ similar tactics during the 2024 US election.

Affected Product Versions

The affected products and versions are not limited to specific software but rather encompass a range of systems involved in electoral processes, including voter registration systems, campaign databases, and election-related websites.

Workaround and Mitigation

To mitigate these threats, organizations should adopt a defense-in-depth strategy. This includes deploying advanced email security solutions that use machine learning to detect and block phishing attempts. Conducting threat simulations and red team exercises can help identify weaknesses before an adversary does. Digital risk protection tools such as GreyMatter DRP can monitor mentions of your organization in cybercriminal forums and surface look-alike domains and other suspicious activity. DDoS mitigation can be achieved through cloud-based scrubbing services and web application firewalls that absorb traffic surges. Network security enhancements, such as egress proxies and dedicated, monitored DNS servers, can restrict outbound communication to approved ports and protocols. Employee training is crucial to teach staff to recognize phishing attempts and the tactics used in typosquatting scams.
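As an added example (not code from the ReliaQuest report or from Rescana), the following Python monitor implements the look-alike-domain check that the typosquatting mitigation above calls for: it folds IDN accents and common homoglyphs, treats the brand label with an edit-distance threshold, and flags candidates from a feed of newly observed domains. The protected domains, the homoglyph table and the sample feed are constructed placeholders.

```python
import unicodedata

# Constructed placeholders for the names a campaign or election office protects (assumption).
PROTECTED_DOMAINS = ["votecandidate2024.org", "statevotes.gov"]
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

def normalize(domain):
    """Lower-case, strip accents (IDN tricks) and fold homoglyphs before comparing."""
    d = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent chars."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition, e.g. 'voetcandidate'
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def brand_label(domain):
    return domain.split(".")[-2] if "." in domain else domain  # 'statevotes' for statevotes.gov
def classify(candidate):
    """Return (protected_domain, reason) when the candidate looks like a typosquat, else None."""
    cand = normalize(candidate)
    for protected in PROTECTED_DOMAINS:
        prot = normalize(protected)
        if candidate.lower() == protected.lower() or cand.endswith("." + prot):
            continue  # the real site or one of its own subdomains
        if cand == prot:
            return protected, "look-alike characters"
        if prot in cand or brand_label(prot) in brand_label(cand):
            return protected, "brand embedded in longer hostname"
        if edit_distance(brand_label(cand), brand_label(prot)) <= 2:
            return protected, "within 2 edits of the brand label"
    return None

def scan(domains):
    return [(d,) + hit for d in domains if (hit := classify(d))]

# Constructed sample feed, e.g. from a certificate-transparency or passive-DNS watch.
NEW_DOMAINS = ["votecandidate2024.org", "www.votecandidate2024.org", "v0tecandidate2024.org",
               "votecanidate2024.org", "votecandidate2024-donate.com",
               "statevotes.gov.verify-ballot.xyz", "weatherforecast.net"]
```

Hits from scan(NEW_DOMAINS) are candidates for takedown requests and for blocking at the egress proxy and DNS resolver mentioned above.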

References

ReliaQuest Blog: 2024 US Election: Top Cyber Threats & Organizational Impacts, https://www.reliaquest.com/blog/2024-us-election-top-cyber-threats-organizational-impacts/
MITRE ATT&CK Framework: Techniques used by APT28, APT41, APT33, and Lazarus Group
US Government Reports on Election Interference

Rescana is here for you

At Rescana, we are committed to helping our customers navigate the complex cybersecurity landscape with our Continuous Threat and Exposure Management (CTEM) platform. Our solutions are designed to provide comprehensive protection against emerging threats, ensuring that your organization remains secure. Should you have any questions about this report or any other cybersecurity concerns, please do not hesitate to contact us at ops@rescana.com.
