Don’t Let DDoS Stop the Elections

2024 is a historic year, with elections taking place in 50 countries and over 2 billion voters heading to the polls. As the 2024 US national elections approach, the stakes are high – with potential cyber threats posing significant risks to the democratic process.

Distributed Denial-of-Service (DDoS) attacks are a risk during the election season as they can disrupt critical election infrastructure, lead to downtime, and undermine public confidence.

Let’s take a closer look at what is involved.

National Elections in the US Have Been Targeted in the Past

The history of US presidential elections is marred by numerous cyberattacks. Even back in 2006, the election campaign of Joe Lieberman – then a US Senator – experienced a Denial-of-Service (DoS) attack that crippled its IT systems. Fast forward to 2016, and the infamous Podesta email leak, a data breach accomplished via a spear-phishing attack rather than a DDoS attack, highlighted the vulnerabilities within election campaigns.

What can we expect during the US national elections of 2024? According to Mandiant, part of Google Cloud, the most potent threats to the democratic process currently are chained attacks, combining various methods such as leaks, DDoS attacks, and disinformation campaigns. These complex attack chains represent a significant threat to the integrity of the upcoming elections.

Nightmare of a Story: The Ukrainian Presidential Elections in 2014

Ukraine’s 2014 presidential elections were severely impacted by Russian cyber aggression following the ouster of its pro-Russian president and the invasion of Crimea. Russian actors, under the guise of “CyberBerkut,” launched DDoS attacks against NATO and Ukrainian media websites.

These attacks culminated in a cyber assault on Ukraine’s central election computers, deleting files and rendering the vote tallying system inoperable. This attack was designed to disrupt the electoral process and spread disinformation, nearly succeeding in broadcasting fake election results favoring a specific candidate.

What’s to Come? DDoS Attacks in the Recent European Elections

The recent European elections were marked by a surge in DDoS attacks. Research from StormWall revealed that:

  • 4% of all malicious traffic during Q2 targeted EU territories, with significant spikes during election periods.
  • Bot traffic increased by 1,100% during elections in the UK, France, Germany, and for the European Parliament.

These attacks peaked around critical dates, indicating a coordinated effort to disrupt the electoral process. Nor were the latest elections the first time that targeted DDoS attacks aimed to disrupt European elections. Other examples include:

  • The attack on Sweden’s election authority, which suffered from three DDoS attacks on the day of Sweden’s 2022 general election
  • A DDoS attack in the Czech Republic during the 2023 presidential elections – two days before the polls opened

The Election Ecosystem Is Vulnerable 

Election-related systems vulnerable to DDoS attacks include public-facing services and internet-reliant office systems. Public-facing services encompass:

  • Voter or election information websites
  • Election night reporting websites
  • Online services such as voter information lookup, polling site lookup, voter registration, and mail-in/absentee ballot requests

Internet-reliant office systems include:

  • Electronic poll books
  • Business process systems like HR, accounting, and phone lines
  • Email applications
  • VoIP phone systems

Attacking these systems allows cybercriminals to disrupt voter information dissemination, registration processes, and even the reporting of election results.

Being Prepared for DDoS Incidents

Now is the time for election officials and technology providers to put comprehensive incident response plans in place and improve cyber resilience by taking proactive steps. You can reduce the likelihood and impact of DDoS attacks by:

  • Coordinating with Service Providers: Ensure clear communication with website and internet service providers about key election dates and potential risks.
  • Identifying a DDoS Attack: Establish procedures to quickly identify and confirm DDoS incidents.
  • Developing an Internal Communications Plan: Create a crisis communications team and plan for maintaining communication during an incident.
  • Training for DDoS Attacks: Regularly train staff on incident response procedures and conduct tabletop exercises to simulate DDoS scenarios.

Adopt a Proactive Approach to DDoS Vulnerability Management

Effectively mitigating the risk of DDoS attacks requires continuously identifying and remediating vulnerabilities in deployed DDoS defenses. Instead of waiting for a damaging attack to start and then triggering a reactive Service Level Agreement (SLA), proactive vulnerability identification and remediation allows organizations to sidestep an attack before it can begin.

This pre-attack approach is crucial. It allows organizations to avoid reactive response scenarios that can not only disrupt electoral processes but also lead to political instability.

At MazeBolt, our RADAR™ solution offers autonomous risk detection, continuously identifying vulnerabilities and network misconfigurations in DDoS protections. By analyzing traffic data and prioritizing remediation, MazeBolt RADAR mitigates the risk of DDoS attacks. Implementing this type of proactive approach to DDoS mitigation is key to safeguarding the integrity of the democratic process during election periods: it ensures continuous monitoring and readiness, mitigates risk, and helps to maintain public confidence in the democratic process.

To learn more about MazeBolt RADAR, contact us.
