2024 US Presidential Election Cyber Intrusion: Part 5 - Cybercrime Threats

Uploaded on 2024-10-31 in GOVERNMENT-National, FREE TO VIEW

Part 5 of a series that will analyze critical cyber security aspects during the countdown  to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence OperationsHactivism and Cybercrime.

Do Organized Cybercrime Groups Have The Ability To Compromise the 2024 US Presidential Election?

Although it is unlikely that financially motivated cybercriminals would have a specific interest in the 2024 US presidential election itself, ransomware, and related extortion efforts, target victims for their potential to pay a ransom.

Ransomware

With a substantial quantity of sensitive data surrounding the election available for compromise, we have assessed that this will increase the likelihood for the election to be targeted by a cybercrime event. Ransomware efforts will provide cybercriminals with a low-cost, high-reward attack vector that could be leveraged to both gain access to the network of US election offices, as well as actively disrupting the election proceedings by encrypting data.

Phishing

Cybercriminals will likely capitalise on the run-up to November 5th by engaging in malicious social engineering attempts involving the delivery of US presidential election-themed phishing emails, SMS, and social media messages to prey on the US public’s uncertainty surrounding the election. They will try to entice them to interact with malicious links that will likely be disguised by URLs purporting to divert victims to seemingly legitimate election information and voter registration web pages.

Stealware

Cybercrime targeting of the election will also likely extend to involve the deployment of stealware variants.

This assessment has been made based on a recent trend of threat actors leveraging stealware with attempts to steal voter registration records and credentials from election systems with the actors also leaking these data sets.

These infostealer campaigns have obtained this data by intercepting login forms on Internet browsers or by accessing password storage on compromised devices. Stealware actors likely leak this data to undermine the trust in US election systems and create the perception that they are vulnerable and untrustworthy.

TO BE CONCLUDED

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.

Image: Andrii Shyp

You Might Also Read:

2024 US Presidential Election: Nation State Cyber Threats:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« What Industrial Organisations Can Learn From Nation-State Cyber Attacks
Cyber Security Teams Feel The Pressure  »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

UL Solutions

UL Solutions

UL Solutions is a safety, security and compliance consulting and certification company. Areas covered include cyber security.

Cyber Security Agency of Singapore (CSA)

Cyber Security Agency of Singapore (CSA)

The CSA is the national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

FileWave

FileWave

FileWave offers a single solution for managing apps, devices, and more for Mac, Windows, and mobile devices.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

OSP Cyber Academy

OSP Cyber Academy

OSP Cyber Academy are a managed service provider of cyber, information security and data protection training.

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

Kivera

Kivera

Kivera enforces your organisation governance and security policies across cloud deployments preventing misconfigurations turning into attack vectors.

GlassHouse Technology

GlassHouse Technology

GlassHouse supports customers in their digitalization journey with our deep technical expertise in Managed Cloud and Security Services, SAP Infrastructure Service and Business Continuity Services.

Command Zero

Command Zero

Command Zero is the industry’s first autonomous and AI-assisted cyber investigations platform, built to transform security operations in complex enterprise environments.