Cybersecurity Challenges in 2024 United Kingdom’s Elections

Cybersecurity challenges are expected to play a significant role in the upcoming United Kingdom elections in 2024. As the world becomes more interconnected, political campaigns and electoral processes rely more heavily on technology and online platforms. However, this reliance increases the risk of cyberattacks and foreign interference.

Throughout history, foreign interference in domestic politics has been a recurring phenomenon, with nations often seeking to exert influence over other states for strategic gain. Today, this centuries-old phenomenon has found a new medium, cyberspace.

There is no need to emphasize the dependency we have on the internet.From social media platforms and big media corporations to emails and any other service that keeps our data on the web, the internet surrounds us. It is important to remember the fact that the internet is not immune from any kind of interference.

1. Cybersecurity Challenges in Western Elections

When we look at the state-sponsored cyber attacks damaging Western countries, we generally see Russia, China, Iran, or North Korea behind these attacks. These countries have been frequently implicated in state-sponsored cyber attacks against Western countries.

These attacks ranged from espionage and data theft to disruptive actions targeting critical infrastructure or governmental institutions. Countries behind the attacks have different motivations and objectives for their cyber activities, such as political, economic, and strategic. In the event of an electoral process, DDoS attacks, phishing attempts, or ransomware attacks pose significant threats to the integrity and outcome of the democratic proceedings.

2. Importance of Cybersecurity Measures in United Kingdom’s Upcoming Elections

In January, Prime Minister Rishi Sunaksaid he had expected to call the election “in the second half” of 2024. As a leading power in global politics, the result of this election in the United Kingdom can lead to certain political shifts.

While the grand strategy of a state won’t get affected much because of elections, certain minor shifts in the policies of such a major state will have noticeable impacts on other parts of the world. As the world is going through such hard times, foreign interference in the domestic politics of a major power can further destabilize the already shaky diplomatic ties.

3. Possible Threats for the Upcoming United Kingdom’s Elections

Such malicious attempts on the cyber space with political incentives generally occur under two main branches. One of them is related to disinformation and manipulation of public opinion. Deepfakes, targeted ads, fake news, and many other tactics can be utilized for this purpose. Muddying the waters in sensitive times can create great benefits for the aggressors. We can remember the Brexit referendum and all the misinformation people had to face before voting for a serious change.

The second branch concerns tactics aimed at individuals or specific targets rather than masses. Phishing campaigns towards political parties or candidates and journalists as well as ransomware attacks towards banks or public offices. Targeting such niche points allows aggressors to gather intelligence that can be utilized in any possible way.

While the United Kingdom is preparing for the next elections, it is important to look out for possible threats in cyberspace.

4. Possible Phishing Attacks Towards High-Value British Profiles

In terms of election security, one of the attack types officials should be careful about is phishing campaigns. When it comes to elections, these phishing campaigns are most dangerous when they target individuals involved in elections. We saw such attempts towards UK officials at the end of 2023. Civil servants, MPs, and journalists have been targeted in attempts to “meddle in British politics”, according to Foreign Office Minister Leo Docherty. Alongside typical profiles mentioned by Docherty, other profiles can be targeted during the elections as well. Anyone who has connections with the political process can be a target.

Phishing emails could be crafted to appear as communications from election officials, such as county clerks, election commissioners, or IT administrators responsible for election systems. These emails might ask for sensitive information or credentials under the guise of needing to verify voter data or system updates and they can be disguised well, making them harder to detect.

Campaign managers, communication directors, finance managers, and other staff within political parties are some of the potential targets. Phishing emails might pose as internal communications or messages from party leadership requesting login credentials, financial information, or other sensitive data. Phishing attacks could also target candidates, posing as messages from their campaign staff, donors, or party officials. These emails can be sent to political parties in an attempt to steal campaign strategies, financial data, or personal information that could be used for a variety of purposes. The activities of the Callisto Group towards the Department of Energy, candidates of the Parliament, and think tanks in the U.K. are good examples of the vulnerability of public institutions against such attacks.

In certain cases, individuals volunteering for political campaigns or even voters may also be targeted. Phishing emails might impersonate campaign organizers, asking for donations, volunteer sign-ups, or other actions that could compromise personal information or financial data. Such attacks could also aim to spread misinformation, suppress voter turnout, or collect personal information for identity theft.

Individuals in these roles must remain vigilant against phishing attempts, use strong security measures such as two-factor authentication, and regularly improve their cybersecurity knowledge to recognize and avoid these threats. Additionally, organizations involved in elections should provide comprehensive cybersecurity training to their staff and volunteers to mitigate the risk of successful phishing attacks. Such organizations can also benefit from SOCRadar Email Threat Analyzer which provides additional intelligence towards suspicious emails to stay vigilant towards threats.

5. Phishing Domains That Can Have an Impact on United Kingdom’s Elections

During an election term, phishing campaigns can target a wide range of individuals and organizations involved in the electoral process. Political figures and parties, including candidates and elected officials, journalists covering political events, and civilians are not immune to phishing attempts during election periods.

While detecting phishing email addresses requires those addresses to be used, phishing domains for tricking individuals into taking action or spreading misinformation through fake websites are slightly easier to detect. Phishing domains often exhibit certain characteristics. Criminals use spoofed domains, fake subdomains, or typosquatting to trick individuals into clicking on their links. The data used for the below table has been collected via a wide variety of sources, considering the above-mentioned tricks. With this result, you can see the amount of phishing domains that can be utilized for malicious purposes. The table displays the number of domains available for phishing, which aim to deceive individuals into thinking they’re the original domains listed in the first column.

A display of the number of domains available for phishing for some United Kingdom election related sites

Phishing domains can be created easily and used for malicious purposes. As you can see from the table above, there is no scarcity when it comes to obtaining a domain. Since the threat landscape is vast, accurate intelligence becomes vital. Detecting the correct phishing domain impersonating your organization among the thousands of other possible domains is no different than finding a needle in a haystack. SOCRadar’s Phishing Domain Detector can guide your organization through this complicated web of malicious domains and help you detect the correct target and mitigate your risks.

6. Deepfake and the use of AI

The use of deepfakes and AI in general, is another threat to the integrity of the elections. Especially in recent years, AI technologies have come a long way. We have seen the use of AI tools to create perfect materials for phishing campaigns so far. Threat actors didn’t lose any time to leverage this new tool to manipulate their targets. In the case of an election, this target can be the public opinion, a political figure, or trust in political institutions.

Generating an image or video with these technologies lasting a few seconds is accessible to anyone. Creating the correct media and portraying it at the correct time and place can have a significant impact on the elections and therefore on global politics, especially in the case of the UK, a global giant. Framing a politician, misinterpreting a policy, and disseminating false information are just some examples of how AI can be used with bad intentions.

The service provided by threat actors serves as a prime example of the malicious utilization of deepfakes and AI

Nowadays, when AI or deepfakes are being discussed, people are generally thinking about video or image generation. While that usage of AI is still dangerous, crafting counterfeit documents with AI assistance, such as falsified bank transactions, fraudulent ballots, or creating fake “political expert” accounts featuring AI-generated faces, has the potential to incite significant turmoil within a fiercely contested election landscape.

7. Risk of Data Leaks in United Kingdom’s Elections

27.7 million records related to patient data from HCA Healthcare, which operates a network of hospitals in the USA and the UK are on sale in a hacker group.

Another important thing to keep in mind is related to data leaks. Usage of already leaked data with a mix of AI gives threat actors the chance to conduct disinformation operations that are very difficult to detect because of the mix of reality with AI-generated content.

Data leaks can damage the trust in electoral processes without the need for AI-generated content. Voter registration databases are high-value targets and require extra attention and security. Leaks from such sources will undermine the trust voters have in the election process. It can allow threat actors to create misinformation campaigns and even use that leaked data for their purposes. Back in September 2023, the cybercriminal group LockBit targeted a manufacturing company from the UK, causing a leak of data that could grant access to some of the United Kingdom’s most critical military and research facilities. Public institutions, political parties, and other parties related to the United Kingdom’s elections are not immune from such attacks.

8. Ransomware Risk in United Kingdom’s Elections

Ransomware attacks are another concern for officials. According to a recently published report, the UK is at high risk of catastrophic ransomware attacks.

Here you can see the Top 10 ransomware threats targeted the UK in recent years. Even though the LockBit and Blackcat leak sites have been seized by law enforcement, the threat landscape is still vast.

When it comes to elections, ransomware attacks pose several risks such as disruption of election infrastructures and cause delayed reporting of results. Such an attack will create the perfect environment for foreign interference in domestic politics. Rival states can benefit from such a moment to spread misinformation for their aims. Overall, such attacks on important and official infrastructures cause huge drops in citizens’ trust and confidence in their states, which is another win for the rival nations.

The idea of not being able to announce the election winner without paying a ransom can seem too much but according to the report prepared by UK officials, large parts of the Critical National Infrastructure (CNI) of the UK are still vulnerable to ransomware. Officials claim that a coordinated and targeted attack has the potential to take down large parts of UK CNI and public services.

A hostage to fortune: ransomware and UK national security report conclusions and recommendations part

9. DDoS Risks During United Kingdom’s Elections

DDoS attacks are another threat to look out for during the election period in the UK. Threat actors can target election infrastructure by overwhelming these systems and disrupting the election process. DDoS attacks can also prevent voters from accessing the resources they need and block them from participating in electoral processes.

These kinds of attacks may not occur from cybercriminals just for the sake of political gains during the election period in the UK but also to generally undermine the trust towards the government or to have a stance against the UK politically. The attack below is an example of this. A DDoS attack on educational institutions was organized because of political strife towards the stance of the UK on the Israel-Palestine conflict.

Back in January, a threat group announced their planned attack on the UK because of the stance the UK had in the Israel-Palestine conflict that started on October 7, 2023.

One month later, they claimed responsibility for a DDoS attack aimed at top UK academic institutions.

While it is early for such groups to make announcements, challenging the authorities and therefore be tracked down by them, it is important to scan the threat landscape and be ready. You can do this threat analysis with the help of SOCRadar’s DoS Resilience tool, get the necessary intelligence about the strength of your organization against DoS (Denial of Service) attacks, and take an important step before cybercriminals.

SOCRadar DoS Resilience Service allows you to check your domain’s resilience against DoS attacks.

10. Conclusion

As the UK prepares for its elections, the importance of cybersecurity is supreme. With the help of SOCRadar’s threat intelligence modules, organizations can correctly analyze the threat landscape and take the necessary steps before criminals. The importance of cybersecurity for global politics and the safety of the masses is growing every day, and accurate intelligence is an undeniable component of robust cyber resilience.