Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election

Fortinet's FortiGuard Labs has released a report highlighting cyberthreats targeting the 2024 U.S. Presidential Election. Key findings include:

  • Phishing scams targeting voters with affordable kits sold on the darknet
  • Over 1,000 new potentially malicious domains registered in 2024
  • Billions of U.S. records for sale on darknet forums, including SSNs and PII
  • 28% increase in ransomware attacks against U.S. government year-over-year

The report details the sale of phishing kits impersonating candidates, fraudulent fundraising websites, and the concentration of malicious domains on major hosting platforms. It also highlights the risks of credential-stuffing attacks, financial fraud, and identity theft. Fortinet emphasizes the need for vigilance, employee training, multi-factor authentication, endpoint protection, and regular software updates to safeguard against these threats.

The report highlights significant cybersecurity threats targeting the 2024 U.S. Presidential Election. Key concerns include:

  • Affordable phishing kits ($1,260) impersonating candidates to harvest personal data
  • Over 1,000 newly registered malicious domains related to the election
  • Billions of U.S. records for sale on darknet forums, including SSNs and PII
  • 28% increase in ransomware attacks against U.S. government year-over-year

These threats pose substantial risks to voter data, campaign integrity and public trust. The use of reputable hosting services like AWS and Cloudflare for malicious domains adds a layer of legitimacy to these attacks. Organizations and individuals must prioritize cybersecurity measures, including vigilant monitoring, employee training, multi-factor authentication and regular software updates to mitigate these risks effectively.

The cybersecurity threats outlined in this report have significant implications for the 2024 U.S. Presidential Election. The sale of voter data and credentials on the darknet could lead to targeted misinformation campaigns and voter suppression efforts. The 28% increase in ransomware attacks against government entities is particularly concerning, as it could disrupt election infrastructure and erode public confidence in the electoral process.

The proliferation of fake fundraising websites and phishing scams targeting donors could impact campaign financing and potentially skew the playing field. Moreover, the availability of vast amounts of personal data on the darknet increases the risk of identity theft and fraudulent voting. These cyber threats collectively pose a serious challenge to the integrity of the democratic process and highlight the critical need for robust cybersecurity measures at all levels of the election system.

Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the U.S. election approaches

SUNNYVALE, Calif., Oct. 15, 2024 (GLOBE NEWSWIRE) --

Derek Manky, Chief Security Strategist and VP of Global Threat Intelligence at Fortinet
“As the 2024 U.S. presidential election approaches, it’s critical to recognize and understand the cyberthreats that may impact the integrity and trustworthiness of the election process and the welfare of the participating citizens. Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active leading up to major events like elections. Remaining vigilant and identifying and analyzing potential cyberthreats and vulnerabilities is crucial for preparing and safeguarding against the lures and targeted cyberattacks that could take advantage of a heightened moment in time and even disrupt or influence electoral outcomes.”

News Summary
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today released its FortiGuard Labs Threat Intelligence Report: Threat Actors Targeting the 2024 U.S. Presidential Election, which reveals and analyzes threats tied to U.S.-based entities, voters, and the electoral process. Key findings from the threat intelligence report include:

  • Phishing Scams Targeting Voters Leading Up to the 2024 U.S. Presidential Election: Threat actors are selling affordable phishing kits on the darknet designed to target voters and donors by impersonating the presidential candidates and their campaigns.
  • Malicious Domain Registrations on the Rise: More than 1,000 new potentially malicious domains have also been registered since the beginning of 2024 that follow particular patterns and incorporate election-related content and candidates, suggesting that threat actors are leveraging the heightened interest surrounding the election to lure unsuspecting targets and potentially conduct malicious activities.
  • Darknet Landscape: Billions of records from the U.S. are for sale on darknet forums, including Social Security numbers (SSNs), personally identifiable information (PII), and credentials that could be used in misinformation campaigns and lead to fraudulent activity, phishing scams, and account takeover; approximately 3% of the posts on darknet forums involve databases related to business and government entities.
  • Ransomware Landscape: FortiGuard Labs researchers noted a 28% increase in ransomware attacks against the U.S. government year-over-year based on observed leak sites.

Scams Targeting the U.S. 2024 Presidential Election Flood the Darknet
Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active in the lead-up to elections.

The FortiGuard Labs research team observed threat actors selling distinct phishing kits for $1,260 each, created to impersonate U.S. presidential candidates. These kits are designed to harvest personal information, including names, addresses, and credit card (donation) details.

Since January 2024, FortiGuard Labs researchers have also identified more than 1,000 newly registered domain names that incorporate election-related terms and references to prominent political figures. Among them are fraudulent fundraising websites, including secure[.]actsblues[.]com, which is meant to imitate the legitimate site for ActBlue (secure[.]actblue[.]com), a nonprofit American fundraising platform and political action committee.

The top two most-used hosting providers for these election-themed websites are AMAZON-02 and CLOUDFLARENET. The reliance on major hosting platforms such as Amazon Web Services (AWS) and Cloudflare suggests that threat actors are leveraging these reputable services to enhance the legitimacy and resilience of their malicious domains.

A notable concentration of domains is associated with a limited number of IP addresses, indicating a centralized approach by threat actors to efficiently manage multiple malicious domains to execute large-scale cyber campaigns.
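
As an added example (not code from the Fortinet report or from FortiGuard Labs), the Python below shows one way a defender could flag newly registered domains that resemble a protected site, such as the actsblues/actblue pair above, and then group the flagged domains by hosting IP to surface the kind of concentration described. The feed records, the documentation-range IP addresses, the `.example` domains, the distance threshold, and all function names are constructed assumptions.

```python
from collections import defaultdict
PROTECTED = {"actblue.com"}  # legitimate registrable domain named on the page

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """Refang and keep the last two labels (assumes a single-label TLD)."""
    labels = domain.replace("[.]", ".").lower().strip(".").split(".")
    return ".".join(labels[-2:])

def imitates(domain, max_dist=2):
    """Return the protected domain that `domain` resembles, else None.
    Matches on brand-as-substring or a small edit distance (assumed threshold)."""
    reg = registrable(domain)
    if reg in PROTECTED:
        return None  # the real site and its subdomains
    label = reg.split(".")[0]
    for legit in PROTECTED:
        brand = legit.split(".")[0]
        if brand in label or edit_distance(label, brand) <= max_dist:
            return legit
    return None

def shared_hosts(records, min_domains=2):
    """Map IP -> flagged domains, for IPs serving at least min_domains of them."""
    by_ip = defaultdict(set)
    for domain, ip, _asn in records:
        if imitates(domain):
            by_ip[ip].add(registrable(domain))
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}

# Constructed feed of (domain, resolved IP, origin AS name); IPs are documentation ranges.
RECORDS = [
    ("secure[.]actsblues[.]com", "192.0.2.10", "AMAZON-02"),
    ("donate.actbluee.example", "192.0.2.10", "AMAZON-02"),
    ("actblue-give.example", "198.51.100.7", "CLOUDFLARENET"),
    ("secure.actblue.com", "203.0.113.5", "CLOUDFLARENET"),
    ("weather.example", "192.0.2.10", "AMAZON-02"),
]

if __name__ == "__main__":
    print(shared_hosts(RECORDS))
```

A threshold of 2 suits a seven-character brand label; shorter labels need a tighter threshold to avoid flagging unrelated domains.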

No Shortage of Personal Data Being Sold Aimed at the U.S.
FortiGuard Labs analysis continues to show a significant number of diverse databases available on darknet forums targeting the U.S., including SSNs, usernames, email addresses, passwords, credit card data, date of birth, and other PII that could be used to challenge the integrity of the 2024 U.S. election. Specific highlights include:

  • Over 1.3 billion rows of combo lists, which include usernames, email addresses, and passwords, signify a considerable risk for credential-stuffing attacks. In such attacks, cybercriminals use these stolen credentials to gain unauthorized access to accounts, making it a valid and substantial security concern.
  • The discovery of 300,000 rows of credit card data, which include CVV, name, card number, expiration date, and date of birth, highlights potential financial fraud risks targeting voters and election officials.
  • Over 2 billion rows of user databases on the darknet indicate a heightened exposure to identity theft and targeted phishing attacks.
  • 10% of the posts on darknet forums are associated with SSN databases, which poses a significant threat by increasing the risk of personal data breaches.

The U.S. Government Is an Increasingly Attractive Target
Ransomware attacks targeting government agencies before an election can impact the electoral process and public trust in government institutions. Compared to 2023, the FortiGuard Labs research team observed a 28% spike in ransomware attacks against the U.S. government in 2024.

The darknet has become a hub for U.S.-specific threats, where malicious actors trade sensitive information and can potentially develop strategies to exploit vulnerabilities. Approximately 3% of the posts on these forums involve databases related to business and government entities. These databases hold critical organizational data that is vulnerable to cyber exploits and are a prime target for threat actors as the elections come and go.

Recommendations to Prevent and Mitigate Cyberattacks this Election Season
Cybersecurity measures are critical to safeguard the integrity of the U.S. 2024 presidential election. Following fundamental best practices can help prevent and mitigate the effects of cyber incidents. The full list of recommendations and best practices can be found in the report, but some key takeaways for citizens, business leaders, and election officials include:

  • Always remain vigilant for suspicious behavior or activity leading up to major events and prioritize good cyber hygiene.
  • Prioritize employee training and awareness.
  • Enforce multi-factor authentication and a strong-password policy.
  • Install endpoint protection solutions.
  • Patch operating systems and web servers and update software regularly.

About the Fortinet FortiGuard Labs Election Security Report

  • This report provides an in-depth analysis of threats observed from January 2024 to August 2024. It examines the diverse array of cyberthreats that may affect U.S.-based entities and the electoral process.

About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at, the Fortinet Blog, and FortiGuard Labs.

