Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Protecting the US Election by Adopting Basic Cybersecurity Protocols

In a joint advisory issued on September 18, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) reported that Iranian actors have increased their activity attempting to influence the 2024 US election by sending information stolen from the Trump campaign to Democratic Party officials.

Trustwave SpiderLabs has been tracking how outside groups are attempting to influence the election and notes the basic security practices that work to secure any organization can work for political organizations.

"Iranian malicious cyber actors in late June and early July sent unsolicited emails to individuals then associated with President Biden's campaign that contained an excerpt taken from stolen, non-public material from former President Trump's campaign as text in the emails," the advisory said. "There is currently no information indicating those recipients replied. Furthermore, Iranian malicious cyber actors have continued their efforts since June to send stolen, non-public material associated with former President Trump's campaign to U.S. media organizations."

 

Securing the Election

Trustwave SpiderLabs Vice President of Security Research, Ziv Mador, noted that the theft of campaign materials is not unique, but it is rare. Mador pointed to incidents that occurred in 2005 to 2014 in Latin America as one example of hackers being used to push an election in a specific direction.

"Along with a growing interest in the results of the elections in major democracies, the US presidential election being the most prominent right now, foreign nations are using multiple techniques to increase their level of interference", Mador said.

"Luckily, even though they are carried out by relatively sophisticated actors, normal cybersecurity measures can be effective in minimizing the risk of successful breaches."
Ziv Mador, VP Security Research, Trustwave SpiderLabs

 

"Campaigns can protect their servers and content using normal security measures such as multifactor authentication, database security, encryption email security protocols, and teaching employees and volunteers to not click on phishing," Mador said. "Trustwave would also suggest requiring strong passwords for everyone with access to campaign materials, meticulously patching systems and proper security training."

 

Iran Ups its Game

However, the new Iranian activity goes beyond a recent ODNI, FBI, and CISA warning regarding actions by Iran, Russia, and China that have been taking place to impact the US election. Previous Iranian activity, according to the ODNI, was less direct, with Iran using its vast webs of online personas and propaganda mills to spread disinformation and has notably been active in exacerbating tensions over the Israel-Gaza conflict. These include extensive networks of digital personas and propaganda operations and have been particularly active in heightening tensions surrounding the Israel-Gaza situation.

Iran is not a newcomer to election interference. Earlier this year, the same federal agencies, and Microsoft's Threat Analysis Center (MTAC) noted that Iranian cyber-enabled influence operations have been consistent in the last three US election cycles. In a recent blog,Trustwave SpiderLabs Senior Consultant Jose Luis Riveros discussed how historically Iran's operations differ from Russian campaigns.

Riveros noted they tend to appear later in the election season and employ cyberattacks geared more toward election conduct than swaying voters. Iranian actors are expected to employ cyberattacks against institutions and candidates, MTAC reported, while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues.

Discover Trustwave Solutions for Government

Learn More

What Trustwave SpiderLabs has Found

In a recent report, Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media, Trustwave SpiderLabs Senior Security Researcher Jose Tozo went into detail discussing the concept of social media weaponization and its use in asymmetrically manipulating public opinion through bots, automation, AI, and shady new tools.

Influence operations and Coordinated Inauthentic Behavior (CIB) involve the strategic use of fake social media profiles and impersonated news outlets to manipulate perceptions, behaviors, and decisions. These tactics, which can be legal or illegal, often include various forms of disinformation or manipulation.

Actors seeking influence have several tools at hand to not only create content, but to build a case that it is legitimate. These include:

  • Engagement Farming -This technique is used to increase visibility and reach within the platform's algorithm to grow an online presence.
  • Follower Farming –This includes increasing the number of followers on a social media account, often through artificial means like bots, purchased followers, or follow-unfollow strategies.
  • Hate Farming –This strategy is used on social media platforms where individuals or groups intentionally spread hate speech, inflammatory content, or divisive rhetoric to provoke strong emotional reactions, particularly anger or outrage.

CIB is also playing a role in attempting to influence the election. Trustwave SpiderLabs noted that in Meta's Q2 2024 report, one of the six CIBs mentioned was a covert influence operation leveraging social media to spread political propaganda under the guise of the Patriots Run Project (PRP). The operation has created 96 Facebook accounts, 16 pages, 12 groups, and three Instagram accounts. In addition to several domains including "patriotsrunproject[.]com." an X presence through "PRPNational" has been constructed. The accounts originated in Bangladesh and were used to craft a false narrative of widespread support for PRP, which claimed to be a political advocacy group with chapters in several US states.

To enhance the legitimacy of these accounts, operators used AI to create profile pictures, which were later replaced with more personalized images effectively employing the astroturf technique.

These fictitious personas pretended to reside in key US states such as Arizona and Michigan, sharing content that blended local interests, like sports and restaurant check-ins, with political memes. The PRP campaign also utilized these fake accounts to amplify content, spending about $50,000 on Facebook ads and attracting thousands of followers and group members across its assets.

The campaign effectively evaded detection by copying authentic social media posts and maintaining operational security through proxy IPs while spreading negative content about specific individuals and institutions.

 

Using Election News for Old Time Crime

Threat actors are, as expected, using the election, political themes, and candidate names as part of their social engineering practices to convince recipients to open their emails, according to another Trustwave SpiderLabs report. Emails that are not intended to sway a vote, but to steal information from the recipient.

In two –months of monitoring of SEG Cloud and Spam Traps, Trustwave SpiderLabs has spotted more than 11,000 spam messages that mention the name or political parties of the candidates as part of their lure. As July passed, the amount of spam increased and eventually reached its peak.

Former President and Republican presidential candidate Donald Trump is the most used name in the subject lines of these spam mails – with 29%. He is followed by the Incumbent VP and Democratic candidate Kamala Harris with 5.7%.

Safeguarding the US election from cyber threats is crucial to protecting the integrity of the democratic process. The recent advisory from the ODNI, FBI, and CISA highlighting Iranian cyber activity underscores the need for robust cybersecurity measures within political organizations. By adopting basic security practices such as multifactor authentication, database security, encryption protocols, and employee training, campaigns can significantly reduce the risk of cyber breaches.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo