With elections ramping up in 50 countries, 2024 promises to be a politically charged year. As a result, there is heightened interest in understanding the impact of global and domestic political dynamics on various industries.
This blog delves into the potential implications for industries and organisations as elections unfold in the year ahead – starting with a look at the highly anticipated U.S. election.
From a threat intelligence perspective, this entails reviewing what we have seen in the past, considering what we might see this year and understanding what we can do to stay prepared.
A look back – Previous threat actor motivations and tactics
2020 elections ramifications still to this day
Four years ago marked one of the most high-profile election seasons in the world, and its ramifications are still felt today. Ongoing court cases, public distrust of elections, and a significant partisan divide are some of its lasting effects. The 2020 election season has been studied extensively by the National Intelligence Council (NIC), which concluded definitively that Russia and other nations led campaigns to interfere with the U.S. elections.
The NIC found there were massive disinformation campaigns led by multiple nations, the largest of which was led by Russia. They intentionally sowed distrust in the voting system among American voters, as well as pushing their narratives for and against specific candidates. In addition to Russia, the primary groups behind disinformation campaigns were Iran, Lebanese Hizballah, Cuba, Venezuela and other smaller nations.
The involvement of state-sponsored groups comes as no surprise, but it is crucial to analyse the motivations behind these interferences to understand the challenges and potential scenarios anticipated this year.
Russia aimed to alter American voters’ perceptions, increase socio-political division and undermine confidence in the election process, primarily viewing a Joe Biden presidency as disadvantageous to Russian interests.
Iran shared similar motives but with a different preferred candidate. Notably, Iran was involved in campaigns undermining the election process, obtaining voter information, sending threatening emails, and disseminating information about election infrastructure vulnerabilities.
The largest Russian interference in the 2020 election season by far was disinformation campaigns. State media, online trolls and thousands of proxy accounts, some dating back as far as 2014, spread disinformation through social media and similar outlets.
This disinformation included inflated claims of compromised voting systems and ballot box taxes helped push the narrative that the Republican candidate’s subsequent loss was due to election fraud.
Russia also conducted cyber attacks against the Democratic party and political actors, as well as engaging in phishing campaigns, notably targeting Burisma Holdings during Trump’s impeachment inquiry.
Iranian activity mirrored Russia’s, with control over thousands of proxy accounts pushing disinformation since 2012. Iranian actors also sent threats to Democratic voters. Smaller nations engaged in low-level activity, supporting efforts to undermine U.S. election trust.
These tactics did not differ significantly from those used in the previous 2016 presidential election, such as voting system intrusions, voter suppression, targeted phishing campaigns and massive disinformation campaigns.
What might we see?
In addition to disinformation campaigns, leaks have played a vital role in the last few elections and will continue to do so. Leaks, such as those associated with Hillary Clinton, Hunter Biden or Trump, still play a crucial role in public trust of individuals and organisations, whether based on legitimate information or not. As an example, the WikiLeaks incident was masterfully crafted at just the right moment to push support away from Hillary Clinton.
Now, with the Epstein Files top of mind, countless names are being discovered to be connected with Jeffrey Epstein in some capacity, whether small or large. Bad actors have the opportunity to create ties and connections that could lead back to candidates and their relatives, political actors and organisations.
Where the layman might miss a connection, a motivated threat actor might not. There are numerous examples of photos of people standing beside each other, messages, testimonies, etc. that form connections that can and will be used against individuals and organisations.
The disruption to American society wasn’t just cyber focused. The election season saw countless protests, riots and demonstrations that turned violent and threatened both people and assets. Tensions are already high, and with foreign states pushing further discord, more mass demonstrations would not be unexpected.
For university campuses or government buildings, the potential ramifications of physical incidents like these are likely already being monitored.
Monitoring people, assets, and operations can be critical, but many organisations may not be aware of the threat posed by events like these. Buildings, ATMs, gas stations, pipelines and office locations are all assets that need to be protected. And these assets don’t even necessarily need to be directly connected to an event. They might just happen to be on the war path. For instance, countless storefronts have been destroyed and looted during riots over the past few years.
Bad actors can garner interest and support over platforms like Telegram, Discord, X (Twitter) and 4Chan. Protests can shut down infrastructure and inhibit critical operations that have a direct effect on business operations. For example, internet service providers can be targeted directly or indirectly, and traffic caused by riots or protests can inhibit movement, just to name a few. For healthcare organisations, physical risks can have potentially life-threatening impacts.
How to equip yourself for a safe and prepared year
To prepare for the challenges of election interference in 2024, begin by mapping out the areas of election-related risk that might impact your organisation. E.g., Are we at risk if a protest blocks access to our building? Are there information campaigns directly targeting our industry?
The next step is to review your security controls, particularly around access control. Given the propensity for threat actors to target individuals and organisations, having robust access controls is pivotal for safeguarding sensitive information.
With the potential for protests, demonstrations, and riots, pay heightened attention to physical security monitoring. This becomes particularly crucial if you have assets and personnel located in downtown areas, where such events are more likely to occur.
Strengthening your understanding of bad actors’ tactics, techniques, and procedures (TTPs) is imperative. As those who work in threat intelligence know well, this knowledge is vital to gaining insights into the methods employed by threat actors, allowing for a more proactive security stance.
Recognising and archiving campaigns linked to election interference is key. Staying informed about known state-backed accounts and their activities and understanding these patterns enables a more informed and responsive security strategy.
Finally, implementing comprehensive security awareness training for all employees is essential. This includes phishing awareness initiatives to help employees identify and block malicious attacks. Additionally, instilling awareness of physical security risks associated with demonstrations enables employees to take notice of and report suspicious activities effectively.
How Silobreaker helps
Silobreaker helps organisations detect, analyse and respond to election-related and other threats, both cyber and physical.
With Open-source intelligence (OSINT) built-in, Silobreaker collects and analyses publicly available information to gain insights into potential threats and actors involved in election interference. This enables you to get an early warning on threats and make better informed decisions to reduce risks.
Identify relevant trending TTPs related to elections proactively, from a highly curated data set across open, dark web and premium finished intelligence. Silobreaker’s AI-powered intelligence assistant, Silobreaker AI, adds computer-aided learning and automation to further streamline the collection, aggregation, accurate analysis and dissemination of trusted open-source intelligence data for faster, more confident decision-making.
Silobreaker also provides clear visualisations and reports to help decision-makers understand the evolving threat landscape and make informed choices.
As this year’s foreign and domestic elections unfold, Silobreaker can help you identify threats to your organisation faster and prioritise risks better. This reduces the impact, severity and number of incidents – safeguarding brand reputation, revenue, assets and operations.
To gain a strategic understanding of the security implications of the 2024 elections and how the right threat intelligence can help you navigate them, the full webinar recording “Beyond the Ballot: Threat intelligence and the 2024 election season” is available to watch here.