This year marks a significant period for global elections, with over 60 scheduled worldwide, including national elections in the world’s five most populous countries. In fact, 2024 will witness a historic turnout of voters, with nearly half (49 per cent) of the world’s population having the opportunity to cast their votes.
Elections in countries such as the US, UK, Russia, Brazil, and the European Union will shape the geopolitical landscape. Additionally, Africa anticipates a “super election” year in 2024, with voters heading to the polls in several nations, including Algeria, Botswana, Ghana, Mozambique, Namibia, Rwanda, Senegal, South Africa, South Sudan, Togo, Tunisia, and more.
However, amid these crucial political decisions with global ramifications, looms the threat of disgruntled and dissident cybercriminals launching politically motivated distributed denial-of-service (DDoS) attacks.
Let’s delve into the phenomenon of election-related DDoS attacks and elucidate how changes in political leadership can disrupt cyberspace.
Political motivations have driven an upward trend in DDoS attacks in recent years. For example, Sweden faced a barrage of attacks as its bid to join NATO progressed, while Bangladesh was targeted ahead of last month’s general election. Additionally, an unusually contentious presidential election cycle in Colombia in 2022 witnessed successive waves of DDoS attacks.
In terms of election-related DDoS attacks, cybercriminals can obstruct voting processes through various means, including overwhelming voter information and registration sites, disrupting campaign websites, and targeting official results reporting. If these attacks occur close to voter registration or ballot casting deadlines, the public may be prevented from accessing essential online services, potentially disenfranchising voters.
Moreover, cybercriminals not only target election campaigns but also exploit the outcomes of these votes to unleash a surge in cyberattacks. For instance, in late 2023, the pro-Russian hacktivist group NoName057 launched attacks on the Polish government following the election of Prime Minister Donald Tusk. The new government’s support of Ukraine, contrary to the threat actors’ interests, seemingly fueled this escalation in attack activity.
Hacktivist groups like NoName057 and Anonymous Sudan engage in political and religious warfare against nations or officials perceived as obstacles to their ideals and goals. These groups often target nations deemed ‘anti-Muslim’ or those showing support and solidarity with Ukraine, attacking any entity that diverges from their agenda.
Therefore, governments, service providers, enterprises, and society at large must prepare for an increase in DDoS attacks this year, given the multitude of elections taking place. This necessitates organizations implementing industry best practices (BCPs) while ensuring their DDoS protection solutions are robust and ready to counter the threat posed by hacktivist groups.
By Richard Hummel, NETSCOUT‘s threat intelligence lead.