Cyber criminals attempt to influence US election results


As the US elections approach, phishing scams aimed at voters, registrations of malicious domains masquerading as candidates, and other threats aimed at exploiting unsuspecting victims are being observed more and more often.

Fortinet has published a report, prepared by FortiGuard Labs, which investigates cybercriminal activities targeted at the American presidential election in 2024. This document reveals and analyzes threats related to American business entities, organizations, voters, and the entire electoral process.

Derek Manky, Chief Security Strategist, VP of Global Threat Intelligence at Fortinet, said, “As the 2024 U.S. presidential election approaches, it is crucial to recognize and understand cyber threats that can impact the integrity and credibility of the electoral process and the well-being of the citizens participating in it. Cybercriminals, including state-sponsored entities and activist groups, are increasingly active ahead of significant events like elections. Maintaining vigilance, identifying, and analyzing potential digital threats and vulnerabilities are key to preparing for and protecting against targeted cyber attacks, so that cybercriminals cannot exploit these unique moments or disrupt the elections or influence their results.”

The darknet is being flooded by scams targeted at the 2024 U.S. presidential election. Cybercriminals, including state-sponsored entities and activist groups, are becoming more active in the period leading up to the elections.

The FortiGuard Labs research team observed sellers offering various phishing kits for $1260 each, designed to impersonate candidates for the US presidency. These kits aim to collect personal data, including names, addresses, and credit card numbers (entered when making donations).

Since January 2024, FortiGuard Labs researchers have also identified over a thousand newly registered domain names that contain terms related to elections and references to known political figures. Among them was a fake website address imitating the American non-profit platform ActBlue, which collects funds for political campaigns – the address secure[.]actsblues[.]com was intended to imitate the legitimate site at secure[.]actblue[.]com.

The hosting service providers most frequently abused for fake election-themed websites are AMAZON-02 and CLOUDFLARENET. Cybercriminals’ reliance on major hosting platforms such as Amazon Web Services (AWS) and Cloudflare suggests that they purposefully use services with industry-recognized reputations to give their malicious sites an impression of legitimacy and resilience.

Among election-related threats, a significant number of malicious domains are also associated with a fairly limited number of IP addresses. This suggests that cybercriminals manage this infrastructure centrally in order to conduct large-scale digital campaigns.
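A defender can screen a feed of newly registered domains for both patterns described above: names that imitate a protected brand, and flagged names that share an IP address. The following is an added example, not code from the Fortinet report; the function names and the feed are assumptions, and only the two actblue hostnames come from the article.

```python
from collections import defaultdict

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as secure[.]actsblues[.]com into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def registrable_label(host: str) -> str:
    # Assumption: single-label TLD, so the brand is the second-to-last label (no Public Suffix List).
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalikes(records, brands, max_dist=2):
    """Return (host, ip, brand) for hosts that imitate, but are not, a protected brand."""
    hits = []
    for indicator, ip in records:
        host = refang(indicator)
        label = registrable_label(host)
        for brand in brands:
            if label != brand and (edit_distance(label, brand) <= max_dist or brand in label):
                hits.append((host, ip, brand))
                break
    return hits

def shared_infrastructure(hits, min_domains=2):
    """Group flagged hosts by IP and keep the addresses that serve several of them."""
    by_ip = defaultdict(set)
    for host, ip, _ in hits:
        by_ip[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) >= min_domains}

# Constructed feed: the .example names and all IPs (RFC 5737 documentation ranges) are made up.
FEED = [
    ("secure[.]actblue[.]com", "192.0.2.10"),
    ("secure[.]actsblues[.]com", "198.51.100.7"),
    ("actblue-donate-2024[.]example", "198.51.100.7"),
    ("actbleu[.]example", "198.51.100.7"),
    ("gardening-tips[.]example", "203.0.113.5"),
]
if __name__ == "__main__":
    print(shared_infrastructure(flag_lookalikes(FEED, ["actblue"])))
```

The genuine hostname is skipped because its registrable label equals the brand exactly, while the three imitations are flagged and grouped under the one address they share.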

Personal data is still being sold wholesale in the US. FortiGuard Labs’ analysis showed that a considerable number of diverse databases remain available on darknet forums, targeting United States citizens and containing Social Security numbers (SSNs), usernames, email addresses, passwords, credit card data, birth dates, and other personal information that can be used to undermine the integrity of the US elections in 2024. Among the data discovered by analysts:

There is a list containing over 1.3 billion records with usernames, email addresses, and passwords, which can be used for credential stuffing attacks. In these attacks, cybercriminals use stolen authentication data to gain unauthorized access to accounts, posing a significant security threat.

A database containing 300 thousand records of credit card data (name, card number, CVV, expiry date and birth date) was discovered, which could be used for financial fraud targeted at voters and election officials.

The presence on the darknet of a database with over 2 billion records of user data indicates an increased risk of identity theft attacks and targeted phishing campaigns.

10% of posts on darknet forums are linked to databases containing SSNs, posing a serious threat and increasing the risk of personal data breaches.

The US government is becoming an increasingly attractive target for attacks. Ransomware attacks against government agencies before elections could affect the election process itself and public confidence in government institutions. In 2024, the FortiGuard Labs research team observed a 28% increase (compared to 2023) in the number of ransomware attacks on the US government.

The darknet has become a hub for US-specific threats, where malicious actors trade confidential information and could potentially develop strategies for exploiting security vulnerabilities. About 3% of the posts on these forums concern databases related to business and government entities. These databases contain critical organizational data that can be used to conduct cyber attacks on government entities as elections approach and while they are under way.

Information about the report from Fortinet’s FortiGuard Labs on election security:

The published report presents a detailed analysis of threats observed from January 2024 to August 2024. It presents a range of diverse cyber threats that could potentially affect entities based in the US and the election process.

Source: https://managerplus.pl/cyberprzestepcy-probuja-wplynac-na-wyniki-wyborow-w-usa-54699
