With over 50 elections set to take place around the globe in 2024, around two billion people will head to the polls before the year is out.
There has never been a better opportunity for state-sponsored actors to influence the elections, test out new techniques to polarize society and generally destabilize their rivals.
A new Mandiant report, titled ‘Poll Vaulting: Cyber Threats to Global Elections’, sees its researchers assess with high confidence that the greatest threat to elections this year are state-sponsored actors.
Russia and Iran linked actors
2016 was the last big year for election interference campaigns, particularly for Russia, whose interference has been alleged in both the year's Brexit referendum and in the US Presidential election under a program supposedly called 'Project Lakhta'.
But 2024 will give hostile nations another opportunity to test the techniques they have refined since then, pioneering new and innovative methods to influence voter opinion and attempt to elect those with shared sympathies, or those who will destabilize security-oriented multinational organizations.
Intelligence gathered by Mandiant on previous elections shows that election campaigns and voters are hardest hit by cyber-threat activity, with news organizations, social media platforms, interest groups and donors, and political parties themselves being the most likely victims of cyber threat activity.
Data theft, distributed-denial-of-service (DDoS) attacks, hack and leak operations, and various information operation (IO) campaigns using social media are all ranked as some of the most likely tactics used to effect election campaigns and voters, with Mandiant assessing that these could be used in layered campaigns that each seek to magnify the effect of each other.
Mandiant highlights that DDoS attacks in particular are effective at undermining the trust in infrastructure, particularly when used in protracted campaigns, with the Russian Main Intelligence Directorate (GRU) using DDoS attacks against Ukrainian financial services to sow panic in the run up to its invasion of Ukraine.
While Mandiant assesses the tampering of electronic voting machines, as well as cyberattacks against the organizations that manufacture the hardware and software used in them as having a very high magnitude of disruption, there has been no observed occurrence of this happening in the wild, meaning the possibility of this occurring is assessed as low.
Vigilant populations and experienced defenders are the best defense against election interference, Mandiant says, stating that understanding the complex mesh of threats to elections alongside hardening infrastructure against cyberattacks can contribute to bluntening the effect that state-sponsored attackers can have on elections.
Jamie Collier, Mandiant Senior Threat Intelligence Advisor EMEA, Google Cloud provided some perspective on the types of threats set to face the West, “Russia remains the most serious threat to Europe in the runup to the European Parliament elections. Russian operations will likely take place across Europe and attempt to undermine support for Ukraine, NATO, and the EU. Russia-nexus groups, such as APT44, have a track record of combining espionage campaigns, destructive operations, and spreading disinformation."
“This means Europe must not only prepare for a variety of cyber risks, but also understand how they come together. Hack and leak operations are one example of this in action: sensitive information stolen through a network intrusion boosts the effectiveness of subsequent information operations that can leverage authentic documents to maximise societal disruption,” Collier continued.
“Information operations and disruptive cyber campaigns thrive when their impacts are built up. This makes objective analysis of election cyber threats vitally important. Understanding the threats to elections provides an opportunity to build a more tailored and proactive security posture. This empowers democracies to meet these challenges head on.”