Hackers Registered 1,000+ New Malicious Domains Targeting US Elections


Cybersecurity researchers have uncovered over 1,000 newly registered malicious domains designed to exploit public interest in the upcoming vote. This surge in potentially harmful websites poses significant risks to voter information security and the integrity of the electoral process.

Leading up to elections, cyber adversaries, such as state-sponsored actors and hacktivist groups, are becoming more active. In the US, the dark web has emerged as a central location for malicious actors to exchange sensitive information and devise plans to take advantage of weaknesses.

Hacktivist organizations also seek to disturb operations or influence public sentiment by orchestrating cyber campaigns.

FortiGuard Labs, a leading cybersecurity research team, reported the discovery in their recent “2024 US Election Security Report.”

Malicious Domains Registered

The study reveals that since January 2024, threat actors have registered more than 1,000 new domain names following patterns that incorporate election-related terms and references to prominent political figures.

These domains often include phrases like “votefor,” “vote4,” “trump2024,” and “voteharris,” clearly attempting to capitalize on the heightened interest surrounding the presidential race.

Figure: Related domains registered

Cybersecurity experts warn that these websites could be used for various malicious activities, including phishing campaigns, spreading disinformation, and launching cyberattacks aimed at influencing voter behavior.

The majority of these suspicious domains are registered in the United States, with 636 domains originating from the country. Canada follows with 72 domains, while Germany accounts for 22.

This concentration of US-based registrations suggests either domestic threat actors or the use of US hosting services to conceal the true origin of these malicious activities.

Popular hosting providers have inadvertently become platforms for these potentially harmful websites. AMAZON-02 currently hosts 458 of these domains, followed by CLOUDFLARENET with 71, and NAMECHEAP-NET hosting 70.

Threat actors may use reputable hosting services to lend legitimacy to their malicious domains and improve their resilience against takedown efforts.

The discovery of fraudulent fundraising websites designed to mimic legitimate political donation platforms is of particular concern.

One such site impersonates ActBlue, a popular fundraising platform for Democratic candidates. These deceptive websites aim to collect donations and personal information such as credit card details, names, emails, and residential addresses.

Cybercriminals are also capitalizing on the election fervor through dark web forums. Researchers found advertisements for phishing kits priced at $1,260 each, specifically targeting supporters of Donald Trump and Kamala Harris.

These kits are designed to harvest personal information and financial data from unsuspecting voters.

The proliferation of these malicious domains and associated cyber threats raises serious concerns about potential interference in the upcoming election.

Experts warn that these activities could lead to widespread theft of personal information, financial fraud, and the manipulation of public opinion through targeted disinformation campaigns.

As the election approaches, cybersecurity professionals urge voters to remain vigilant and exercise caution when interacting with election-related websites.

They recommend verifying the legitimacy of donation platforms, being wary of unsolicited emails or messages related to the election, and using official government sources for voting information.

Election officials and campaign organizations are advised to enhance their cybersecurity measures, including implementing robust website security, educating staff about phishing threats, and regularly monitoring for fraudulent domains impersonating their official websites.
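The monitoring step recommended above can be sketched as a triage filter over a feed of newly registered domains. This is an added example, not code from FortiGuard Labs or the original article: the election terms are the ones quoted in the article, while the `PROTECTED` mapping, the lookalike table, and the sample feed are assumptions constructed for illustration.

```python
import re

# Terms the article quotes from the election-themed registrations.
ELECTION_TERMS = ("votefor", "vote4", "trump2024", "voteharris")
# Assumption: brand being protected, mapped to its official registered domains.
PROTECTED = {"actblue": {"actblue.com"}}
# Digit-for-letter swaps commonly seen in lookalike names (0->o, 1->l, 3->e, ...).
LOOKALIKE = str.maketrans("013457", "oleast")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return the reasons a newly observed domain deserves analyst review."""
    host = domain.lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return []
    # Naive registered domain (last two labels); real use needs a public-suffix list.
    registered = ".".join(labels[-2:])
    squash = lambda s: re.sub(r"[^a-z0-9]", "", s)
    name = squash(host.rsplit(".", 1)[0])  # everything left of the TLD, no dots/hyphens
    reasons = [f"election-term:{t}" for t in ELECTION_TERMS if t in name]
    for brand, official in PROTECTED.items():
        if registered in official:
            continue  # the real site and its subdomains are not findings
        if brand in name.translate(LOOKALIKE):
            reasons.append(f"brand-embedded:{brand}")
        elif edit_distance(squash(labels[-2]).translate(LOOKALIKE), brand) == 1:
            reasons.append(f"brand-typo:{brand}")
    return reasons

# Constructed sample feed (.example is a reserved TLD; none of these are real findings).
SAMPLE_FEED = [
    "votefor-2024.example", "vote4change.example", "act-b1ue-donate.example",
    "acblue.example", "secure.actblue.com", "weather-report.example",
]

def scan(feed):
    """Map each flagged domain in the feed to its list of reasons."""
    return {d: r for d in feed if (r := classify(d))}
```

A match is a prompt for review rather than a verdict: legitimate campaign sites use the same terms, so flagged names still need hosting, certificate, and content checks before any takedown request.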

With the integrity of the electoral process at stake, addressing this surge in malicious domains has become a critical priority for cybersecurity teams and election officials alike as they work to safeguard the 2024 US presidential election from digital threats.
