Initially Posted In Spiceworks

Discover why the Governments and the public must be aware of the potential for cyber threats surge throughout the periods coinciding with the national elections.

Strengthening cybersecurity for elections is paramount this year. Craig Watt, threat intelligence consultant of Quorum Cyber, shares actionable strategies to secure democracy from malicious AI influences.

The 2024 calendar year is critical for democracy worldwide, with numerous high-profile elections on the horizon. The integrity of the democratic voting process will almost certainly be tested as nation-state-level cyber threat actors will likely aid sponsoring governments in achieving their global objectives.

With geopolitical conflicts increasingly playing out in cyberspace, it has always been challenging for nation-states to influence the political climate while avoiding direct attribution. Exerting influence on elections can alter the decision processes of both the public and high-level officials to align with the interests of foreign powers while simultaneously attacking the democratic foundation of rival nations.

This influence can occur via the implementation of a suite of cyberwarfare tactics, including destructive cyber-attacks, Information Operations (IO), and disinformation campaigns resulting in numerous potential real-world scenarios including, but not limited to, influencing the international population, creating social division and undermining the democratic institutions of rival nations.

The Growing Influence of Technology on the Voting Process

As technological advances are increasingly incorporated into the voting process, elections in the modern age have become more digitally driven than at any other time in history. The voting infrastructure includes internet voting systems, registration databases, and national election networks, which are now critical components of election systems.

With approximately half of the world’s population due to being involved in national elections throughout 2024, a high level of vigilance will be required across all industry sectors to counter the threat of misinformation, disinformation, and malinformation (MDM). Vigilance is required due to the interconnectivity of the technologies and platforms that nation-state-level cyber threat actors will likely leverage as they seek to expand attack surfaces to interfere with and disrupt the electoral process.

The slate of elections scheduled for 2024 is set to occur for the first time following recent significant enhancements in artificial intelligence (AI). Therefore, nation-states will likely leverage this technology to influence voting behavior in favor of state interests. Priority cyber targeting throughout the election periods will probably involve the government sector, election-related networks, national and local political parties, and the personal devices of election officials. However, as with all cyberwarfare engagements, a spillover into private sector businesses is likely.

Mitigating AI-Driven Cyber Threats

With AI capabilities growing at an unprecedented rate, this technology will likely be leveraged by malicious cyber operators, at both the nation-state and cybercriminal level, to compromise the security and integrity of election infrastructure. Cyber threat actors have numerous generative AI tools at their disposal, ranging from deep fake videos and voice cloning to AI-generated SMS messages that can be compiled to implement a variety of cyber-attack vectors. These include scaled social engineering and phishing campaigns and enhanced distributed denial-of-service (DDoS) attacks to manipulate voters and disrupt the operation of election-themed websites.

Generative AI is an attractive option for politically driven and nation-state-sponsored threat actors due to scalability, reduced cost, speed of implementation, and the ability to deploy advanced malware payloads against electoral systems that can evade defensive measures.

Targets of AI-driven cyber-attacks involving the elections could include:

• Electoral Process: Manipulative AI methods could be leveraged to spread false information surrounding voting procedures.
• Election Officials: AI tools could collect sensitive data, resulting in potential doxing attacks against election officials, including party candidates.
• Election Offices: AI-driven spear phishing operations could be launched against election staff to gain access to sensitive election data.
• Election Vendors: AI capabilities could be leveraged to influence the trust level of the public surrounding election vendors.

See More: AI in Cybersecurity: What Organizations Must Know

Safeguards and Mitigation Strategies

Governments and the public must be aware of the potential for cyber threats to surge throughout the periods coinciding with high-profile elections. This vigilance will allow for safeguards and mitigation strategies to be enforced to defend against potential attacks against business and the overarching democracy, allowing these organizations to function. The majority of the optimal mitigation measures involve the industry standard cybersecurity best practices, and it is therefore vital that both governments and private sector businesses are aware of these strategies to protect their accounts and devices.

A pivotal mitigation to election-based cyber threats is increased monitoring of network systems via an effective and monitored endpoint detection and response (EDR) solution, such as Microsoft Defender, to detect malicious intrusions. It will also be critical for governments and their partners to share threat intelligence while conducting attack emulation scenarios that imitate election-orientated disruption scenarios as a proactive strategy to strengthen their network security posture. In addition, it is strongly recommended that government-level entities gather awareness regarding how vulnerable technology platforms intersect with their election processes, conduct holistic threat and risk assessments, and implement robust defensive measures to combat foreign espionage efforts and reduce the risk of disruption.

Depending on the attack vector at the disposal of the threat actor, more specific measures will be required to defend against AI-driven threats. To protect against AI-based phishing and social engineering operations, it will be critical for government bodies and businesses to:

• Apply robust authentication protocols, such as multi-factor authentication (MFA).
• Use email authentication protocols, such as domain-based message authentication.
• Limit social media attack surfaces by applying strong privacy policies and removing personally identifiable information (PII) from profiles.
• Transition to zero trust security principles to prevent unauthorized users from accessing sensitive data and services.

It is recommended that personal social media accounts be made private to reduce the risk of impersonation—the privacy setting limits access to images by nefarious cyber actors. In addition, old profiles that are no longer in use should be deactivated or deleted. Further, sensitive data can be protected by validating requests for information sent through secondary channels and applying identity verification for real-time communications. Adopting passphrases and educating employees are additional methods for diminishing the threat of impersonation and harassment during election periods.

Combating malicious influence operations and disinformation campaigns will require additional security measures, including:

• Building rapport with local media entities and community officials to ensure the flow of accurate information.
• Utilizing authentication techniques, including watermarks, consolidates published content’s veracity.
• Training employees regarding Standard Operating Procedures (SOP) for responding to media manipulation, with an awareness of how to report this within the organization.

Holistic Cybersecurity Measures

With the world stage set for numerous high-profile elections throughout 2024, a holistic approach to the coinciding cybersecurity threats will be essential for governments and businesses across the world to adequately prepare themselves for the onslaught of offensive efforts that will likely surface to promote nation-state-level agendas and influence the global population.

Craig Watt Threat Intelligence Consultant, Quorum Cyber