It is not surprising that experts are warning that state-sponsored cybercriminals are the biggest threat when it comes to interfering with elections this year. They are considered to be the most prevalent and likely tactics used for meddling in elections.
The United States will have its presidential election in November this year, while the UK government may postpone its general election until January 28, 2025. It is anticipated that the UK general election will occur in late 2024.
Since they are leaders of important countries, both of these elections are expected to be attacked by foreign enemies. According to a recent report by security company Mandiant on election security trends, defenders need to be familiar with the four Ds.
Researchers predict that DDoS attacks, data theft, disinformation, and deepfakes are the most probable forms of attacks that may occur during this year's elections. These attacks could potentially influence the results of the election by impacting voters.
It is probable that various attack methods will be combined in multi-layered hybrid attacks, especially favored by Russia's state-sponsored attackers. This could potentially intensify the impact on an election.
One potential scenario involves stealing and leaking data from a political party's network to sway voters in favor of the nation responsible. The likelihood of these actions occurring before upcoming elections is considered to be significant.
Mandiant believes that election attacks are most likely to focus on campaigns and voters, including news outlets, political parties, social media platforms, and donor groups.
It is believed that the chances of attacks on voter registration systems or voting machines are lower compared to other types of cyber attacks. However, if these systems were successfully disrupted rather than just falsely claimed to be compromised, the consequences would be more significant.
When false information is spread through fake news outlets and other means, it can be further spread through social media shares, posing a significant risk of election interference in 2024.
Russia has a history of involvement in this field. Just before their invasion of Ukraine in 2022, financial service companies experienced DDoS attacks and citizens were sent false SMS messages claiming that the country's ATMs were not working, causing panic. Both the US and UK attributed these coordinated attacks to Russia's spy agency (GRU).
Various forms of election attacks and the level of danger they pose, as outlined by Mandiant.
Deepfake technology has been used in cyberattacks for several years, but the threat has become more convincing in the last year. Mandiant warns that deepfake attacks are now just as likely during elections as data leaks and could result in similar levels of damage.
Mandiant has noticed that certain cyber groups with pro-China affiliations are using deepfake technology to produce popular social media videos of celebrities speaking out against political figures.
A recent incident on TikTok involved a popular voice actor, Morgan Freeman, being targeted by deepfake technology in a video that seemed to depict him expressing disagreement with the current US president, Joe Biden.
John Hultquist, the chief analyst at Mandiant for Google Cloud, stated that there are many different cyber threats facing elections. Various individuals or groups are becoming more confident and want to disrupt the democratic process. Cyber espionage, spreading false information, and hacktivism will all play a role to some extent.
Mandiant identifies actors who have interfered in elections before, such as those associated with Russian military intelligence and Iran's Islamic Revolutionary Guard Corps, as the most bold and aggressive. These actors are always changing their tactics, but often carry out attacks that may not have a significant impact but are exaggerated to create fear. It is important to be prepared for these threats without blowing them out of proportion.
This year is different from 2016. While there are more people involved, a lot of them are finding it difficult to establish and keep their power in a setting where their activities are constantly being discovered and eliminated.
The main individuals involved in election meddling are not surprising, as the UK's top four adversaries are known to engage in such activities, even within their own countries.
Indeed, Mandiant reports that the most frequent attackers faced by election defenders are criminals working for Russia, China, Iran, and North Korea.
Russia has the most groups that support its agenda, whether through government backing or activism involving hacking. Groups like Sandworm and COLDRIVER have been connected to various instances of influencing elections, including the Brexit vote.
Due to the many groups supporting them, it is expected that Russian attacks will cover a wide range of tactics and will target multiple elections in Europe this year. This was pointed out by Jamie Collier, who is a senior threat intelligence advisor for Mandiant at Google Cloud in the EMEA region.
Leading up to the European Parliament elections, Russia poses the biggest threat to Europe. Russian activities are expected to occur throughout Europe with the goal of weakening support for Ukraine, NATO, and the EU. Groups with connections to Russia, like APT44, have a history of engaging in espionage, destructive actions, and spreading false information.
Europe needs to be ready for different cyber risks and understand how they can be interconnected. An example of this is hack and leak operations, where stolen sensitive information from a network breach can be used to enhance the impact of subsequent information operations that spread authentic documents to cause societal disruption.
Various countries and organizations that promote their interests (image credit to Mandiant)
In China, there are many organizations that support its goals, but Mandiant believes that each group is specialized in a specific type of activity. For example, one group may only focus on stealing data, while another group may concentrate solely on information operations. In contrast, Russian groups have the ability to engage in a wide range of activities and can combine them in a coordinated campaign.
According to Hultquist, Iran has a track record of effectively interfering in elections, so we should not overlook their capabilities. On the other hand, North Korea may play a minor role in election interference compared to other countries.
Mandiant stated that attempts to interfere with elections will occur, but it is unclear how successful they will be.
Defenders have grown more cautious, more proficient, and more aware of what to anticipate from foreign powers, enabling them to effectively counteract their strategies.
People in countries that have been targeted by adversaries during elections are more conscious of the danger posed to elections and are more cautious about misinformation campaigns because they have been dealing with them for a long time.