US Elections: Malicious internet domains spike as campaigns heat up

Internet domain registrations linked to the US presidential election are increasingly likely to be malicious or fraudulent, with 16% of all new registrations created in September 2020 found to be illegitimate, according to researchers at Check Point.

The pivotal 2020 presidential election, a bitter battle between incumbent president Donald Trump and former vice-president Joe Biden, is being conducted in the shadow of interference by cyber threat actors linked to the Russian government, which has been targeting political organisations with cyber attacks. However, the high profile of the 2020 election is also drawing the attention of regular cyber criminals.

Check Point conducted a study on election-linked domains between June and October and found that, when compared to other domain registrations across that time period as a whole, election-related ones were 56% more likely to be dangerous.

It said that since mid-August it has seen around 1,545 new election-related domains popping up every week, up 24%.

Oded Vanunu, Check Point’s head of products vulnerabilities research, said: “The upcoming Presidential Election has already been marked by storms of controversy over misleading claims and the potential for vote tampering.

“Now, threat actors are ramping up their efforts to manipulate the results and cause additional disruption by creating fake election-related websites, with the aim of spreading false news and propaganda or of stealing users’ details.

“With just 20 days to go until election day on 3 November, we urge people to double-check the election-related resources they visit online to ensure they are genuine and trustworthy, and to avoid the risk of having their personal data phished,” said Vanunu. 

A recent FBI warning highlighted the possible leverage of spoofed domains and fake email accounts by both nation state-backed actors and cyber criminals to disseminate false information, gather valid usernames, email addresses and account credentials, alongside other forms of personally identifiable information (PII). Fraudulent websites can also be used to distribute malware, leading to further compromise and, in some cases, financial losses through ransomware.

Users can best safeguard themselves against malicious websites by checking for authentic URLs and verifying they are using one. You should never click on a link in an email, rather search for it on Google or search engine of your choice, then click through from the results page.

It is also important to watch for shortened links, which can be deliberately abridged to fool someone into thinking they are clicking through to something legitimate, and to be aware of lookalike domains and spelling errors in URLs – such as the substitution of the number 1 for the lower case letter L or upper case letter I, for example.

Check Point has also outlined other possible election cyber attack scenarios against which both organisations and individuals should be on their guard.

Prominent among these are the possibility of a devastating distributed denial of service (DDoS) attack on the US Postal Service. An essential cog in the smooth functioning of a US election, if its services were to be disrupted in some way millions of postal votes could be delayed. This scenario may influence the entire outcome of the election as postal voting is up this year thanks to the Covid-19 pandemic.

People should also be alert to leaked documents snatched from political opponents by hostile foreign actors – this has happened to both the Democrats and Republicans in the US, and in UK elections too – in an attempt to sway opinion and election results.

Guarding against data breaches in such cases is largely a matter of applying good basic cyber security practice, such as enforced password policies, user education, and endpoint security. But note also that in leaks linked to Russian intelligence, such documents are frequently shown to be fake, and relatively crude – one way of spotting them is their poor English, they tend to omit or misuse definite or indefinite articles such as ‘the’, ‘a’ or ‘an’ or the present tense of the verb ‘to be’.

Check Point also warned of the weaponisation of fake news and misinformation, attacks on the communication of the election results after the polls close, and so-called meme warfare, where floods of meme content are used to bypass the algorithms social media platforms use to take down misinformation.