The 2024 United States presidential election is quickly approaching, and malicious actors are capitalizing on the eye and exercise surrounding the election season to execute their scams.
Fortinet just lately launched its FortiGuard Labs Risk Intelligence Report: Risk Actors Concentrating on the 2024 U.S. Presidential Election, which reveals and analyzes threats noticed from January 2024 to August 2024 tied to U.S.-based entities, voters, and the electoral course of. Researchers recognized phishing scams, malicious area registrations, and different menace exercise that might impression the integrity and trustworthiness of the election course of and the welfare of the collaborating residents.
Understanding burgeoning threats and dangers helps enterprise leaders, residents, and election officers adhere to insurance policies and undertake applied sciences that forestall and mitigate malicious cyber incidents in the course of the election season and past.
Phishing scams and fraudulent web sites goal voters
Phishing is among the many commonest cyberattack methods immediately. Cybercriminals use synthetic intelligence (AI) to hurry up, scale, and improve the believability of their scams, rising this menace.
The FortiGuard Labs analysis group noticed malicious actors promoting phishing kits created to impersonate U.S. presidential candidates and their campaigns on the darknet for simply $1,260 every. These kits goal voters and donors, harvesting private data comparable to names, addresses, and bank card particulars in donation scams.
People are the primary line of protection in cybersecurity. To keep away from falling sufferer to phishing assaults, it’s essential for enterprise and know-how leaders to conduct common coaching periods that increase consciousness about widespread phishing techniques and different scams. Practically 70% of respondents to Fortinet’s 2024 Safety Consciousness and Coaching International Analysis Report consider their staff lack essential cybersecurity data, up from 56% in 2023. Ongoing coaching initiatives ought to present steerage on recognizing phishing emails, avoiding suspicious hyperlinks and attachments, and reporting potential phishing makes an attempt.
Along with phishing kits that impersonate U.S. presidential candidates and their campaigns, since January 2024, FortiGuard Labs researchers recognized greater than 1,000 newly registered domains that incorporate election-related phrases and references to distinguished political figures. This underscores the significance of remaining vigilant for suspicious conduct or exercise main as much as main occasions and prioritizing good cyber hygiene.
Human error will all the time pose a problem, as even the best-trained workers can fall sufferer to phishing assaults and different scams. Putting in antivirus and anti-malware software program on computer systems provides an additional layer of safety, particularly towards phishing assaults and credential theft.
Risk actors promote delicate knowledge on the darknet
The darknet has turn into a hub for U.S.-specific threats, the place malicious actors commerce delicate data and infrequently develop methods to use vulnerabilities. Roughly 3% of the posts on these darknet boards contain databases associated to enterprise and authorities entities. These databases maintain essential organizational knowledge that’s weak to cyber exploits and a primary goal for menace actors in the course of the election season.
FortiGuard Labs evaluation revealed a big variety of various databases obtainable on darknet boards concentrating on the U.S., together with Social Safety numbers, usernames, e mail addresses, passwords, bank card knowledge, dates of beginning, and different personally identifiable data that may very well be used to problem the integrity of the 2024 U.S. election. As an illustration, billions of information may very well be utilized in misinformation campaigns, which might result in fraudulent exercise, phishing scams, and account takeover.
Over 1.3 billion rows of combo lists – together with usernames, e mail addresses, and passwords – signify a substantial threat of credential-stuffing assaults. In such assaults, cybercriminals use stolen credentials to realize unauthorized entry to accounts. Implementing multi-factor authentication and a robust password coverage helps companies and shoppers forestall knowledge and credential theft.
Additional, organizations ought to leverage a security orchestration, automation, and response platform, which might detect uncommon actions by privileged customers and, if wanted, block such actions. Sustaining full and present knowledge backups is crucial with the uptick in ransomware assaults. Nevertheless, not all knowledge backup methods are created equal. For instance, tech leaders shouldn’t rely solely on on-line backups and will keep away from utilizing the identical passwords for manufacturing environments and backups. It’s suggested to keep up a backup of a cloud backup in one other off-site location. Moreover, all backups needs to be encrypted and will have an entry management set.
Stopping and mitigating cyberattacks in a harmful digital panorama
Cybersecurity measures are essential to safeguard the integrity of the U.S. 2024 presidential election and defend society. Enterprise leaders and residents should safeguard towards potential assaults, take proactive measures, and stay vigilant throughout this heightened time.
