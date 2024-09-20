BY Stu Sjouwerman4 minute read

As the 2024 U.S. elections draw near, both public and private organizations as well as government institutions must ready themselves to battle a range of cyber threats designed to influence voters and disrupt electoral processes.

Let’s explore a cross-section of these threats and the security measures needed to mitigate these risks. 1. PHISHING AND SOCIAL ENGINEERING Phishing and social engineering attacks play a major role during elections.

Outlandish headlines spark voter interest and curiosity, compelling visits to malicious websites where malware is downloaded or credentials are mistakenly surrendered. Additionally, state-sponsored threat actors can target specific government officials or individuals associated with an election campaign. In August, Microsoft reported that Iranian hackers infiltrated an email account of a former senior advisor to a presidential campaign and then used it to send phishing emails to another high-ranking advisor. 2. AI-POWERED DISINFORMATION

Threat actors typically double down on disinformation tactics during election season to fabricate false narratives, introduce distractions, sow polarization, and compromise trust in information sources. With AI added to the mix, the speed and scale at which disinformation can be fabricated and disseminated is unparalleled. Deepfakes of politicians, prominent businesspeople, and celebrities are also being used to spread false information, create mock endorsements, damage reputations, shift public opinion, and influence elections. Creating deepfakes has become all too easy. For example, X’s new chatbot Grok enables users to instantly create images from text prompts and publish them on X. Fake AI websites can be operationalized to feed false stories to users. Researchers recently discovered a network of 171 fake AI news websites that published Al-rewritten stories and used legitimate-sounding organization names such as the “Atlanta Beacon” and the “Arizona Observer.”

Major businesses and well-known brands are also vulnerable to election-related disinformation. Google and Netflix both became victims of disinformation campaigns claiming they were funding or favoring certain candidates. Just like the 2020 election, one can expect bot networks and troll farms to be activated on social media. This year may follow an unexpected twist with AI-powered bots that sound authoritative and knowledgeable on specific topics and can mimic human behavior. 3. CYBER ATTACKS AND RANSOMWARE

Elections present a ripe opportunity for cyberattacks, whether they’re conducted by individual entities, hacktivists, or state-backed adversaries. Nation states hack organizations for their intelligence operations, espionage, or to serve a political or military goal. In 2021, China-backed hackers successfully attacked the U.K. electoral registers and stole the data of 40 million voters. Motivated by ideology, hacktivists typically focus on disrupting the election process; they deface government websites, target specific election officials, or attack organizations with opposing ideologies.

Non-state actors are typically motivated by financial gain. They view elections as another opportunity to unleash ransomware attacks and to extort or blackmail victims. Governments and electoral organizations are not exclusively targeted—ransomware actors have maliciously attacked critical infrastructure and supply chains. 4. HACK AND LEAK OPERATIONS A hack and leak operation is a cyber-attack that isn’t merely focused on attacking systems for financial gain. Such operations typically involve exfiltrating sensitive data and then distributing that data for political gains such as manipulating public opinion, undermining trust in institutions, and fomenting polarization.

Recently, U.S. agencies confirmed that Iranian hackers breached the political campaigns of both parties. Media organization Politico also reported being contacted by an anonymous account with documents from inside Republican operations. These are not isolated incidents: Recall the 2016 elections when Russia-backed threat actors leaked stolen emails and documents on platforms like WikiLeaks. HOW CAN ORGANIZATIONS BETTER PROTECT THEMSELVES DURING ELECTION SEASON? Elections present an opportunity for cybercriminals to target all sorts of organizations and individuals. The following are security measures that can help organizations better protect themselves:

1. Deliver election-specific security awareness. Research shows that only about half of employees receive any kind of security training pertaining to election-specific threats. Roll out awareness campaigns around election-related risks, and promote best practices such as improving critical thinking and media literacy, being wary of deepfakes and synthetic media, and staying alert and vigilant. 2. Conduct election-themed phishing training.

Improve muscle memory and reflex behaviors in your employees so they can better recognize and quickly report phishing attempts. Subjecting your employees to election-themed phishing simulation exercises can help improve and encourage such behaviors. 3. Get security basics in order. Phishing, compromised credentials, and vulnerabilities are the top three vectors of initial access used by cybercriminals to hack and infiltrate organizations. Frequent patching of systems and software, use of phishing-resistant multi-factor authentication, and use of commercial-grade password managers can go a long way to improving the security posture of your organization. It’s also a good idea to practice incident response processes during such times of heightened risk.