Considering that 2024 is a historic year for elections – with an estimated half of the world’s population taking part in democratic votes – this high threat of cyber interference has significant implications for global free society, threatening to undermine confidence in voting processes or – at worst – even alter electoral outcomes, according to Tidal Cyber.
A concerning 27% of countries with 2024 national elections face the highest threat levels, facing multiple priority adversary groups and many state-backed groups associated with priority adversary countries.
Top adversary nations employ cyber interference tactics
The four priority adversary countries (Russia, China, Iran, and North Korea) are using cyber interference for disinformation and espionage and to potentially disrupt actual electoral processes, such as voting, or manipulate results.
Most voting countries this year face at least some interference threat: 64% face at least one state-backed cyber threat actor attributed to the three top offenders (Russia, China, or Iran).
The study also reveals an alarming trend: Pakistan, Indonesia, Venezuela, Uzbekistan, India, Belarus, and Ethiopia face considerable interference threats and, most vital, underlying concerns with digital infrastructure related to electoral processes.
The report identifies trends in election cyber interference tactics, techniques, and procedures (TTPs) by analyzing dozens of historical instances since 2008, including the adoption of generative AI technology to make phishing and social engineering, the most common form of election-related cyberattack, more convincing.
Email-based attacks, especially spearphishing, are a leading attack method for gaining initial access into election-related networks. Phishing attachments are used to deliver malware for longer-term data collection and/or persistence, while malicious links are used to harvest credentials for access and also to initiate malware downloads.
Adversaries excel with new social engineering methods
Additionally, Tidal’s research highlights adversaries adopting new techniques and external factors to continue to make social engineering attacks successful despite improved defenses, spotlights credential abuse attacks on the rise, the resurgence of politically motivated denial of service and defacement attacks, and high levels of ransomware and extortion attacks.
The prominence of social engineering and identity attacks can make it easy to forget that technical-based compromise of election infrastructure can and does continue to occur, including recently. Many web application access cases appear to be relatively opportunistic in nature, but the continued presence of vulnerabilities and misconfigurations in these applications give interference adversaries ample opportunity to compromise intended targets.
Defenders must prioritize regular review and reinforcement of identity security controls, software and application security configuration policies, and endpoint and network threat prevention technology to defend against election interference threats from top adversaries.
As relevant adversaries evolve to evade the latest defenses, they are explicitly threatening distinct election cyber interference attacks.
“Tidal Cyber assesses a considerable threat of cyber interference – malicious activities targeting the technical aspects of election processes – affecting global elections this year,” said Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.
“Considering that 2024 is a historic year for elections, based on our report, the findings have significant implications threatening to undermine confidence in voting processes or even alter electoral outcomes. We assess that cyber actors aligned with multiple adversarial nations are continuing to evolve their TTPs to attack both historical and new targets for election-related interference successfully.”