The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains

If history tells us anything, the biggest cyber threat to this year's election won't be a leak, a distributed denial of service (DDoS) attack, or a fake news video. Instead, it will be a combination of these or more.

In the salad days of cyberspace, hackers made a lot of noise using simple, straightforward methods: hiding viruses in advertisements, hacking websites with easy-to-guess passwords, and so on. Although this still happens, greater cybersecurity awareness and better protections often require attackers to become more creative and chain multiple tactics together to achieve their goals.

This also applies to elections. In 2006, Joe Lieberman's presidential campaign aides had to rely on their personal emails after a DoS attack froze their IT systems. As is well known, a decade later came the Podesta email leak. According to Mandiant, part of Google Cloud, chained attacks are the biggest threat to the democratic process.

“In the most significant election-related cyber incidents Mandiant has observed, threat actors intentionally layered multiple tactics in hybrid operations so that the impact of each component amplified that of the others,” the company wrote in a new report.

Combined election attacks

One case study Mandiant pointed to occurred in 2014, when Ukraine's presidential election was disrupted by a Russian cyberattack following the overthrow of pro-Russian President Viktor Yanukovych and the Russian invasion of Crimea.

A week before Election Day, Russian actors hiding behind the hacktivist name “Cyber Berkut” hit NATO-related websites and Ukrainian media with DDoS attacks. That set the stage for the same fake hacktivist group to break into the country's central voting computers and delete files, which, with four days to go, rendered the vote counting system inoperable.

A day later, they added to the chaos by crippling additional election infrastructure and then leaking the emails and documents stored there onto the Internet. Finally, just 40 minutes before the election results were released, the country's Central Election Commission reportedly removed some kind of virus that was intended to fake results in favor of the far-right, ultra-nationalist candidate.

This extreme form of combined cyber warfare may have only occurred in one country experiencing such upheaval, but other chained cyber attacks have since hit more stable democracies.

In 2020, two Iranian nationals in their 20s conducted a campaign against election-related websites in several US states. They managed to obtain confidential voter information from at least one of them, which they used to send intimidating and misleading emails, including by spreading a video containing disinformation about vulnerabilities in election infrastructure. They also breached a media outlet, which the Justice Department found could have given them another channel to spread their false claims.

“Leaks are particularly powerful. They may be even more impactful when compounded by the compromise of legitimate media,” said John Hultquist, principal analyst at Mandiant Intelligence at Google Cloud.

The fraud/fake news trick is a powerful invention. “These disinformation efforts are often orchestrated by state-backed organizations from countries like China, Russia and Iran,” warns Madison Horn, who is running for a congressional seat in Oklahoma’s 5th District in 2024. “Their impact is undeniable, as demonstrated by examples such as Russia’s involvement in the 2016 US election and China’s ongoing global influence operations, which clearly demonstrate their ability to influence public opinion and disrupt election integrity.”

The threat of cybercrime

It is not just state-sponsored actors who pose a threat to the democratic process, Mandiant emphasized. Insiders, hacktivists and cybercriminals muddy things in their own way.

In most cases, “the channels for these campaigns are popular social media platforms – X, Telegram, Facebook – and YouTube, making the digital battlefield as accessible as it is dangerous,” warns Horn.

From January 2023 to March 2024, cybersecurity firm BrandShield tracked suspicious new social media accounts and web domains related to the presidential campaigns of Joe Biden and Donald Trump. Hundreds of imposter accounts were found on social media sites, as well as 2,335 suspicious websites claiming some connection to the president and 9,639 for the former president (supported by a 197% increase following his arrest in August).

Fake websites and accounts are useful for spreading scams or malware and stealing funds that voters intended to give to candidates, or they can be used in conjunction with other tactics to achieve larger goals.

“They can be used to obtain information from people and potentially try to influence their views by spreading fake news,” says BrandShield CEO Yoav Keren, a former advisor in the Israeli Knesset. “I even think they can use these platforms to interact with real people from the campaigns and infiltrate their systems. These imitations can be used in many different ways.”

“I don’t want to give the bad guys too many good ideas,” he says, “but they usually come up with ideas before I do.”
