The U.S. midterm election has passed without any disruptive cybersecurity incidents, but researchers at Bitdefender found some evidence of influence campaigns appearing and cybercriminals using election keywords for money-making scams.
Bitdefender found four areas of concern.
On the political side, it came across typosquatted domains registered by hackers to spread misinformation, particularly in Texas, or perform smear-campaigns against other political candidates a website farm spreading propaganda from more than 100 sites, disseminating political messages on social media. The farm exposed more than 25,000 users per month to propaganda, since mid-September.
The money-making criminal efforts centered on extortion campaigns with phishing emails targeting victims whose passwords were “Republican” and threatened them with a “sextortion” scam. Scammers sought to extort $800 worth of Bitcoin for not publishing the videos allegedly recorded using the victim’s webcam. The malicious actors also used the standard scam of using midterm election topics in social engineering efforts. Some of the typosquatting was also used to redirect visitors to malware or ad-serving and in some instance even adult websites.
However, all things considered, Bitdefender found fewer issues than it expected.
Bogdan Botezatu, Bitdefender’s director of threat research and reporting, credited the work put in by social media companies to find and eliminate fake news, propaganda and disinformation along with increased awareness on both voters and candidates have made it far more difficult for attackers to capitalize on elections.
“High profile events such as political elections are generating serious interest from domestic and external third parties. Based on our observations in previous elections, as well as what the media has uncovered during the past two years, Bitdefender discovered fewer telltale signs of information warfare than we would have expected,” he told SC Media.
Botezatu noted the incidents discovered were directed against elections taking place in only a few states.
“Our threat intelligence feeds show that most of the incidents, spam and malware were recorded in California, Texas and Florida. Most of the politicians targeted in typosquatting attacks described above were representing Texas. This shows that Texas was the most targeted state during the elections,” he said.
Those attempting to make money off the midterm election, for the most part, used basic malware, like ransomware, cryptominers and remote access trojans. What was not found in last month’s election were the sophisticated attacks that would be necessary for someone with a political agenda who was interested in discrediting political figures, flooding the internet with fake news, but that does not mean they did not happen.
“There is no evidence that threat groups have used such advanced threats against the elected government or candidates, but this type of attack usually takes time to surface,” Botezatu said.