NJCCIC Issues Warning About Cyber Interference in 2024 Election
Sunday, July 21, 2024
CNBNEWS (July 21, 2024)--In a recent release, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) published an extensive report exceeding 5,000 words focusing on the potential threat of cyber attacks on events such as the upcoming 2024 United States Presidential Election. This report is a valuable resource in understanding and addressing cybersecurity risks, as the NJCCIC operates within the New Jersey Homeland Security Department.
2024 US Presidential Election
Leading up to the 2016 and 2020 presidential elections, nation-state actors and their proxies conducted targeted cyberattacks against states’ election infrastructure across the country. In addition, these threat actors carried out cyber-enabled mis-, dis-, and mal-information campaigns using social media platforms, email services, botnets, and troll farms. The campaigns promoted the threat actors’ own political and national interests, attempting to coerce and sway U.S. voters, sow social discord, and erode trust in the electoral process.
2016 Elections - Russian Hacking of States’ Elections Systems
In July 2016, Russian state-sponsored hackers exploited a web application vulnerability in the Illinois State Board of Elections website to illegally access sensitive personal information, including names, addresses, Social Security numbers, and drivers’ license numbers of approximately 500,000 Illinois voters. The breach forced the board to shut down the voter registration system for 10 days to investigate the attack. While no evidence of voter data manipulation was found, the incident raised concerns about the vulnerability of election systems to cyberattacks. The Illinois database breach was part of a broader Russian campaign targeting election infrastructure across multiple states that aimed to undermine confidence in the U.S. election process. According to a Joint Intelligence Bulletin and a Joint Analysis Report published by DHS and the FBI, the election infrastructure in all 50 states was researched by Russian government threat actors leading up to the 2016 presidential election. The research activity was aimed at identifying vulnerabilities and gaining access that could be exploited to undermine the election. Furthermore, Russian actors launched cyberattacks against at least 21 state voter registration and voter information systems, excluding New Jersey.
2020 Elections - Iranian Hacking and Voter Intimidation Campaigns
In November 2021, the U.S. Attorney’s Office for the District of Columbia indicted three Iranian hackers—Seyyed Mohammad, Hosein Musa Kazemi and Sajjad Kashian—for attempting to compromise the voter registration systems of 11 states and accessing confidential voter data from at least one state. In addition, posing as members of the Proud Boys, Kazemi and Kashian sent threatening messages to tens of thousands of voters in battleground states, intending to intimidate and influence voters, undermine voter confidence, and sow discord in connection with the 2020 U.S. presidential election.
2023 New Jersey State Elections Infrastructure Threat Activity
The NJCCIC, in partnership with the New Jersey Department of State and its Division of Elections, implements various cybersecurity protections to safeguard the state’s election infrastructure from cyberattacks. In 2023, the NJCCIC’s defensive tools, technologies, and services detected and blocked over 105,000 indiscriminate and targeted attacks against the state’s elections infrastructure. These included phishing and malware-laden emails, as well as web application, credential stuffing, and other infrastructure attacks. The NJCCIC expects to see more attempted attacks against the state’s election infrastructure in 2024.
Emerging Threats Enabled by Technological Advances
The rapid evolution and adoption of emerging technologies, such as AI, presents both unprecedented opportunities and complex challenges, significantly impacting the cybersecurity landscape in 2024. The NJCCIC assesses that in the near-term, threat actors will exploit generative AI to produce highly convincing and personalized phishing content at scale, increasing the effectiveness of these cyberattacks. Deepfakes powered by generative AI enable the fabrication of realistic yet entirely falsified audio and video content. Threat actors are already using deepfakes in sophisticated impersonation schemes for fraud and disinformation campaigns. The distribution of deepfake multimedia content on social media and other online networks will likely be used by adversaries to sway opinions; sow unrest; undermine political candidates and their campaigns, thus threatening the integrity of the election process; and damage the reputations of governments, organizations, and individuals. There is already evidence that threat actors are using AI to develop malware and leverage AI to discover vulnerabilities and optimize targeting efficiency. While these use cases are in their infancy, it is highly likely that over time, AI will be used to amplify the capabilities of threat actors and the potential harms they can cause. While AI brings immense societal benefits, unchecked proliferation also enables adversaries to weaponize these technologies against vulnerable targets at scale. AI and machine learning in critical systems introduce new attack surfaces ripe for exploitation. Adversarial techniques, such as data poisoning or evasion attacks, can manipulate AI models to misclassify malicious inputs or generate content that bypasses defenses. Autonomous vehicles, drones, robotics, and operational technologies in utility and manufacturing industries relying on AI for decision-making could be compromised to cause kinetic damage. 
As with any new and rapidly developing technology, there are many vulnerabilities in AI that have yet to be identified and addressed. For these reasons, governments and industry need to proactively implement and enforce strong AI governance models and risk management frameworks to effectively manage these risks.
Systemic Cyber Risk
In the current hyperconnected environment, a seemingly isolated system failure or compromise of an individual system can have cascading effects well beyond the initially affected system. Key systemic risks created by insecure software platforms, lack of visibility into third-party networks, and fragile supply chains create attack vectors for threat actors to compromise systems and cause cascading effects. As highlighted by the NotPetya, SolarWinds, MOVEit, and Citrix Bleed cyberattacks, such incidents have great impacts affecting societies, governments, industries, and individuals worldwide. In each of these instances, New Jersey organizations and individuals were adversely impacted. In another instance in which systemic risk figured prominently, a vulnerability discovered in December 2021 that allowed remote code execution via log messages due to improper input validation in the popular Java logging library, Log4j, left hundreds of thousands of enterprises exposed until patched. This vulnerability was cited as a cause for the ransomware attack on one county in New Jersey. The systemic implications of cyberattacks on the critical infrastructure sector are highlighted by the 2021 Colonial Pipeline ransomware attack, which disrupted the fuel supply throughout the Southeastern U.S. Systemic risk is exacerbated by the proliferation and resultant dependencies on information technology throughout all facets of society, which is expected to continue for the foreseeable future. The sustained integration of embedded and networked technologies into physical devices used by governments, organizations, and individuals will highlight vulnerabilities that are prone to exploitation as a result of malicious activity, malfunction, human error, and acts of nature. This proliferation also creates an expanding attack surface which provides current and future opportunities for threat actors.
Conclusion of Cybersecurity Threats
Based on an analysis of cyberattack trends and emerging threats; the motivations, capabilities, and targeting by various threat actor types; geopolitical issues; and systemic cyber risks, the NJCCIC assesses with high confidence that in 2024, New Jersey’s public and private sectors, critical infrastructure assets, and residents will continue to face an array of cyberattacks that are costly and operationally debilitating. These attacks will have the potential to adversely impact public health, the welfare and safety of our residents, the economy and public interests of the state, and national security. It is unrealistic to expect any one person or organization to defend against nation-state actors, criminal syndicates, hacktivists, cyber terrorists, and other threat actor groups who can launch attacks from anywhere in the world at any time of day or night. Effectively managing cyber risk requires a proactive and collaborative approach. Public- and private-sector organizations at the federal, state, and local levels, as well as businesses large and small, must collaborate by sharing threat intelligence, implementing robust cybersecurity standards, and fostering a culture of vigilance.
Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact them via the cyber incident report form at cyber.nj.gov/report. Additional resources can be found on the NJCCIC's website by visiting cyber.nj.go