How AI poses a threat to election security

One month before the 2024 US elections, election security is a top priority. The importance of an upcoming election inevitably means a higher level of media attention, making it a perfect target for cybercriminals. There have been a number of incidents, including an assassination attempt on former President Donald Trump. The Trump campaign was also hacked last summer, underscoring the importance of enhanced physical security and cybersecurity.

“In our research into cybercriminals, we find that they are often motivated and emboldened by media attention and engagement. In this case, we have seen them reach out directly to high-profile media outlets to celebrate their activities. “This highlights the need to investigate and report on the behavior of criminal actors to ensure that everyday people and organizations are equipped with the education and intelligence to combat threats, rather than placing too much emphasis on the threat actor itself,” says John Fokker , Head of Threat Intelligence at Trellix.

The amount of sensitive information surrounding elections also makes them attractive to threat actors. It takes a lot of people to run a campaign smoothly, from security to assistants to hotel staff while the candidate is on the road. Candidate safety is a top priority, so communications between an entire campaign team must be secure.

These risks make elections a critical time for security professionals as they must address a wide range of concerns.

“We can expect a significant increase in disinformation and phishing attacks as the United States prepares for early or mail-in voting in the 2024 elections. Most of these attacks are likely to come from cybercriminals spreading disinformation about how and where to vote. This year’s phishing campaigns could be more sophisticated and comprehensive, as non-native speakers of English or Spanish will be able to leverage large language models to create realistic messages,” said Kayne McGladrey, IEEE Senior Member.

Because of the speed of the news cycle, misinformation can cause great harm before it is refuted. Security leaders should carefully monitor any headlines that could affect them, from a misquoted campaign speech to the deliberate spread of disinformation. Elections are also a time when political organizations begin to reach out to their voters, and this can make it easier for cybercriminals to inject phishing campaigns. Security leaders should remind employees never to click on unknown links, especially on company devices.

The 2024 election poses new risks compared to previous elections as artificial intelligence (AI) poses a number of security threats. There have already been cases where AI has been used to fake photos and events, including fake endorsements from celebrities and other political figures.

“During the 2024 election cycle, AI has opened the door to entirely new types of phishing scams and is playing a major role as these scams aim to attack and thwart cybersecurity measures. A significant threat to watch out for during the election is disinformation from alleged business and government leaders and influencers, designed to change the public’s views and opinions, influence their beliefs, and motivate them to take often destructive actions. Using AI to make these executives and influencers “say” the disinformation in videos and audio is making it increasingly difficult for the general public to recognize that it was created by AI. An important way to prevent the success of such deceptions is to provide effective training on how to use AI in phishing tactics and other types of scams, how to recognize these scams, and how to respond to such situations. Such training must be continued with several regular reminders of the lessons taught during the training,” says Rebecca Herold, IEEE member.

Given the numerous risks associated with the upcoming election, it is important for security leaders to remain vigilant through November 5th.