Fortinet Finds Darknet Targeting 2024 United States Presidential Election

Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election

Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the U.S. election approaches

Fortinet announced the release of its FortiGuard Labs Threat Intelligence Report: Threat Actors Targeting the 2024 U.S. Presidential Election, which reveals and analyzes threats tied to U.S.-based entities, voters, and the electoral process. Key findings from the threat intelligence report include:

Scams Targeting the U.S. 2024 Presidential Election Flood the Darknet

Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active in the lead-up to elections.

The FortiGuard Labs research team observed threat actors selling distinct phishing kits for $1,260 each, created to impersonate U.S. presidential candidates. These kits are designed to harvest personal information, including names, addresses, and credit card (donation) details.

Since January 2024, FortiGuard Labs researchers have also identified more than 1,000 newly registered domain names that incorporate election-related terms and references to prominent political figures.

Fraudulent fundraising websites include secure[.]actsblues[.]com, meant to imitate the legitimate site for ActBlue (secure[.]actblue[.]com), a nonprofit American fundraising platform and political action committee.

The top two most-used hosting providers for these election-themed websites are AMAZON-02 and CLOUDFLARENET. The reliance on major hosting platforms such as Amazon Web Services (AWS) and Cloudflare suggests that threat actors are leveraging these reputable services to enhance the legitimacy and resilience of their malicious domains.

A notable concentration of domains is associated with a limited number of IP addresses, indicating a centralized approach by threat actors to efficiently manage multiple malicious domains to execute large-scale cyber campaigns.

No Shortage of Personal Data Being Sold Aimed at the U.S.

FortiGuard Labs analysis continues to show a significant number of diverse databases available on darknet forums targeting the U.S., including SSNs, usernames, email addresses, passwords, credit card data, date of birth, and other PII that could be used to challenge the integrity of the 2024 U.S. election. Specific highlights include:

The U.S. Government Is an Increasingly Attractive Target

Ransomware attacks targeting government agencies before an election can impact the electoral process and public trust in government institutions. Compared to 2023, the FortiGuard Labs research team observed a 28% spike in ransomware attacks against the U.S. government in 2024.

The darknet has become a hub for U.S.-specific threats, where malicious actors trade sensitive information and can potentially develop strategies to exploit vulnerabilities. Approximately 3% of the posts on these forums involve databases related to business and government entities. These databases hold critical organizational data that is vulnerable to cyber exploits and are a prime target for threat actors as the elections come and go.

Recommendations to Prevent and Mitigate Cyberattacks this Election Season

Cybersecurity measures are critical to safeguard the integrity of the U.S. 2024 presidential election. Following fundamental best practices can help prevent and mitigate the effects of cyber incidents. The full list of recommendations and best practices can be found in the report, but some key takeaways for citizens, business leaders, and election officials include:

About the Fortinet FortiGuard Labs Election Security Report

This report provides an in-depth analysis of threats observed from January 2024 to August 2024. It examines the diverse array of cyberthreats that may affect U.S.-based entities and the electoral process.

Source: Fortinet media announcement