Criminal cyberactivity increases in run-up to U.S. election

Throughout the last decades, cybercriminal activity has increasingly become a significant concern during American presidential elections, with malicious actors exploiting the digital landscape to influence outcomes, spread misinformation, and undermine public trust.

From hacking campaigns targeting political parties and candidates to widespread disinformation efforts on social media, cybercriminals leverage advanced techniques to interfere with the democratic process. How are these trends evolving during this year’s elections?

What are the key threats?

There has been a significant increase in hacker activity undermining US elections between January of this year and now, Fortinet reported in its new Threat Intelligence Report, posing risks for election infrastructure, government agencies engaged in electoral processes, political campaigns, media organizations, and technology providers.

Fortinet points out three key threats in the upcoming elections. Firstly, the cybersecurity company sees that the dark web has become a hub for malicious actors to trade sensitive information and develop strategies to exploit vulnerabilities. At the same time, hacktivist groups are mobilizing, aiming to disrupt proceedings or sway public opinion through coordinated cyber campaigns.

However, one of the biggest threats is state-sponsored entities that employ sophisticated tactics to infiltrate systems, steal data, and disseminate misinformation, Fortinet reports. These activities can lead to the undermining of confidence in the electoral process - and even potentially alter outcomes.

In their report, Fortinet notes more notable trends:

• Phishing kits: hackers are selling phishing kits on the dark web at low prices, enabling buyers to deceive voters and donors by impersonating presidential candidates or their campaign affiliates. These kits make it easier for cybercriminals to carry out targeted scams during the election season.
• Rise in malicious domain registrations: since the beginning of 2024, over a 1000 potentially malicious internet domains have been registered. These domains often include the names of presidential candidates or election-related keywords, indicating that cybercriminals are exploiting the heightened interest in the election to trick unsuspecting individuals and carry out harmful activities.
• Trading personal data: billions of records containing U.S. citizens' personal data, such as social security numbers, personally identifiable information, and login credentials, are being sold on the dark web. This data can be used to spread disinformation, commit fraud, execute phishing scams, and hijack online accounts.
• Increase in ransomware attacks: researchers at FortiGuard Labs reported a 28% rise in ransomware attacks targeting U.S. government agencies compared to the previous year. Their findings are based on analyses of leak sites, where ransomware groups post details of victims who refuse to pay the ransom, highlighting the growing threat to governmental infrastructure during the election period.

Are these trends blowing over to Europe?

Unsurprisingly, cybercriminal trends seen during the U.S. elections are increasingly mirrored in Europe, with upcoming European elections also becoming prime targets for cyberattacks, disinformation, and other malicious activities.

Like their American counterparts, European political campaigns and governmental institutions are facing threats from phishing scams, ransomware attacks, and disinformation efforts aimed at influencing public opinion and undermining trust in the democratic process.

Hackers are known to exploit election periods by creating fake websites, registering malicious domains, and impersonating political figures to steal sensitive data or spread propaganda. With the rise of digital campaigning and the growing reliance on online platforms, European elections are proving just as vulnerable to the same attacks.

What’s more, the sale of personal data on the dark web is a growing concern in Europe as well. Cybercriminals can obtain and sell European citizens' personal information, which can then be used for identity theft, fraudulent voting, and spreading fake news.

Earlier this year, The NIS Cooperation Group, composed of representatives of EU Member States, the European Commission and the European Union Agency for Cybersecurity, ENISA, updated its compendium on election cybersecurity. In its press release, it stated that “the rapid developments in AI including deep fakes, hacktivists-for-hire, sophistication of threat actors along with today’s geopolitical context highlight the necessity to update the compendium in order to reflect the current risks and threats.”

Knowledge is power

Government agencies, political campaign teams, media organizations, and technology providers must prioritize cybersecurity measures to protect against potential breaches and ensure the integrity of the electoral process, Fortinet underlined, adding that these threat intelligence analyses are crucial for preparing and safeguarding against cyberattacks that could disrupt or influence election outcomes.

With cyberattacks and disinformation campaigns becoming increasingly sophisticated, awareness of these threats allows governments, political campaigns, and citizens to take proactive measures to protect sensitive information and prevent the spread of false narratives. Election security is not just a national issue: it is a global concern that requires ongoing vigilance and collaboration between governments, tech companies, and cybersecurity experts. By staying informed about cybercriminal tactics, we can help safeguard the democratic principles that underpin free and fair elections.