In 2016, Russian nation-state-linked threat actors infamously compromised the Democratic National Convention (DNC), wedging a divide in the political party by leaking internal emails to WikiLeaks that suggested the convention was rigged in favor of one candidate. It was later discovered that the Russia-based cybercriminals infiltrated the DNC’s networks unnoticed as early as March 2016, months before the actual convention. The DNC compromise was just the tip of the iceberg, and the social media disinformation campaign that came in its wake set out to further divide the country along ideological lines. Although this campaign’s effectiveness is still debatable today, the elaborate scheme sounded like it came straight out of a Tom Clancy novel.
With the news cycle primarily dominated by the COVID-19 global pandemic, you might have missed the news that foreign actors are trying to undermine the American election process in 2020, as they did in 2016. Although we might have short-term memories from this year’s roller-coaster news cycle, it should come as no surprise that the United States is, once again, the target of foreign interference in a highly contested election year. With just seven days to the election, attempts to undermine American democracy have already emerged from different corners of the world, and intelligence officials have warned there could be more to come.
Although we cannot corroborate reports surfacing on attempts at election interference in 2020, in this blog, we wanted to expand on four key takeaways:
Before we jump into the nitty-gritty of our analysis on disinformation campaigns and cyber threats affecting the 2020 US election, we want to make sure that we’re all on the same page when distinguishing disinformation from misinformation.
Misinformation includes all information that’s wrong – from seemingly harmless errors like a mislabeled graph to more insidious and untrue rumors like washing your hands is bad for your immune system. Disinformation is the intentional manipulation of information to exert influence over you, often with false or deliberately misleading information snippets to introduce confusion, reinforce stereotypes, or inflame fears.
The Russian state is among the most successful operators of disinformation campaigns. Russia’s attempts at broader political influence overseas have been facilitated by its use of state-owned traditional media, bots, “hack and leak” operations, and cooperation between organized crime groups and Russian government agencies. In other words, it’s an orchestrated operation that seems to operate without boundaries, and its lead-conspirators revel in attempts at subverting American democracy. Operations uncovered by US and UK intelligence communities can be linked to Russia’s Foreign Intelligence Service (SVR) and the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), two institutions that have a history of anti-democratic actions. However, it’s the well-trained, sophisticated cybercriminals operating on their behalf that push disinformation we might encounter in our social media feeds.
Russian cybercriminals’ focus on division in the US seems to be the preferred tactic in 2020, and while it was also part of the “Russian playbook” in 2016, political divisions seem to have surpassed those of 2016. These trolls’ disinformation campaigns try to establish authenticity by creating blogs, news stories, and social media accounts and groups that unsuspecting users might gravitate towards. By using popular social media platforms and targeting micro-communities that share common ideologies, disinformation can quickly go viral.
Russia’s Internet Research Agency (IRA), which allegedly takes its direction from the Kremlin, has been primarily responsible for this interconnected “carousel of lies,” as one former member of the IRA described it. In many cases, the fake news stories they spread are more appealing to Americans due to pop culture references, pictures, and cartoons. In September 2020, it was reported that Facebook had taken down groups and accounts that were affiliated with the deceptive news organization, Peace Data, but not before hundreds of stories were shared on Facebook. At its height, Peace Data was known for pushing far-left stories that were either misconstrued or completely false. According to the FBI, people formerly associated with the IRA were responsible for spreading this disinformation. Adding insult to injury, the trolls responsible managed to fool American freelance journalists into writing stories for Peace Data, unknowingly pushing a Russian agenda to divide Americans further.
Although social media companies have taken down groups and articles spreading disinformation, organizations such as QAnon, a far-right conspiracy group, have found ways to propagate false information and attract many followers. Twitter announced they had taken down “the worst” QAnon accounts in July 2020, but by some estimates, more than 93,000 QAnon-related accounts remain on Twitter. It wasn’t until October that Facebook and YouTube announced bans on QAnon content. Still, before tech giants attempted to suppress the disinformation, Russian cybercriminals were hard at work, helping to push QAnon conspiracy theories. They used the conspiracies to help fit their narrative of “the US is falling apart, look how much division there is.” Twitter accounts that could be traced to Russia’s IRA reportedly sent a high volume of tweets tagged with #QAnon, and helped propagate misleading or false narratives related to child trafficking and COVID-19, among others. Russian government-backed media outlets, such as RT and Sputnik, also increased coverage of QAnon. If the disinformation wasn’t alarming enough, the QAnon movement prompted the FBI director to designate QAnon as a domestic terror threat due to its potential to “incite extremist violence.”
It’s not just Russia that is capitalizing on the run-up to the US elections. According to William Evanina, the United States National Counterintelligence and Security Center (NCSC) Director, “Iran seeks to undermine US democratic institutions and divide the country in advance of the 2020 elections.” He even named Iran as a “top three” threat to the election. Iranian cybercriminals are likely focusing on online influence operations, including social media disinformation campaigns and promulgating anti-American content. These operations were evident in a report issued by the United States Department of Justice (DOJ) in early October, confirming that Iran’s Islamic Revolutionary Guard Corps (IRGC) targeted the US from multiple separate domains with Iranian propaganda to influence US domestic and foreign policy. One of the domains, newsstand7[.]com, used the slogan “Awareness Made America Great” and published articles relating to US President Donald Trump, the Black Lives Matter movement, US unemployment, COVID-19, and police brutality.
Cyber threat actors linked to the People’s Republic of China (PRC) have made quite a lot of noise in recent years, and 2020 is no different. Earlier this year, cybersecurity teams at Twitter and Google observed a broad campaign from Chinese cybercriminals that overlapped on several social media platforms, primarily on Twitter and YouTube. On Twitter, the compromised accounts spread geopolitical narratives favorable to the Communist Party of China (CCP) and pushed reports about the political dynamics in Hong Kong. On YouTube, threat actors acquired or hijacked existing accounts and posted spam content, some of it harmless content about animals, music, or food. However, the content on many of the compromised accounts pushed narratives similar to those on the Twitter accounts. It also highlighted controversial current events in the US, including protests, the wildfires on the West Coast, and COVID-19. Fortunately, the social media platforms’ aggressive approach minimized the impact by removing the accounts while they still had low numbers of followers and low engagement. The campaign demonstrated how sophisticated foreign actors might take an unconventional approach to sway public opinion with disinformation by hijacking seemingly legitimate accounts instead of creating their own.
Intelligence officials have warned that foreign adversaries have an agenda that one presidential candidate may better serve in terms of foreign policy. That is why one tactic in the playbook of nation-state actors is hack and leak operations, which may explain the targeting of the Joe Biden and Donald Trump presidential campaigns. State actors have been observed sending spearphishing emails to the respective campaigns’ employees, attempting to access internal networks and confidential information. It was observed that Russia’s “Fancy Bear” (aka APT28) attacked more than 200 organizations, including political campaigns, advocacy groups, parties, and political consultants. “Judgement Panda” (aka APT31), a Chinese state-associated APT group, attacked email accounts of some high-profile individuals from the Democratic (Joe Biden) campaign, and “Charming Kitten” (aka APT35), an Iranian state-associated APT group, made multiple attempts to attack the personal accounts of individuals associated with the Republican (Donald Trump) campaign. While not all attempts were successful, these attacks demonstrate intent to disrupt and influence the democratic process. Information obtained can be used in future disinformation campaigns, credential stuffing attacks, extortion attacks, or phishing attacks. Of course, it’s very difficult to establish whether these operations could influence any individual outcome of the election, but they could possibly achieve broad objectives around creating an atmosphere of distrust or otherwise fracturing society. This scenario begs the question, are we on the cusp of a late-October or early-November bombshell report that comes from information obtained during a hack and leak operation? Only time will tell.
There is a serious concern with the development of cyberattacks and ransomware campaigns that may seek to target networks and machines critical in running US elections, primarily since nation-state attackers have already conducted surveillance operations on infrastructure that could impact the day of the US election. The US government considers ransomware a top threat to the US 2020 elections, as attacks can hold voter information and election results hostage, impacting election systems. A ransomware attack could deny access to voter registration data, election results, and other sensitive information. It could also inhibit access to essential election systems during critical operational periods, such as the date of the election, November 3rd. To highlight the importance of necessary safeguards for the election, the NCSC listed at least 18 different needs to be addressed for election security.
So what happens when disinformation and legitimate concerns of cyberattacks join forces? In the coming days and weeks, the foreign disinformation campaigns may attempt to play on voters’ fear, uncertainty, and doubt (FUD). Due to the COVID-19 pandemic, more Americans are voting via mail-in ballots and absentee ballots than ever before. As a result, the election results may remain unknown for days or even weeks by some experts’ predictions. Why does this matter? According to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA), threat actors could exploit incomplete results on the evening of the election by spreading false information regarding voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy. This possibility prompted CISA to issue consecutive alerts in September 2020, urging the American people to critically evaluate election information sources during and after the election. CISA also warned that malicious actors could use online platforms to falsely suggest that successful cyber operations have compromised election infrastructure and facilitated the “hacking” and “leaking” of US voter registration data.
If you’re anything like me, maybe you’ll do your best to tune out social media until the election is over, however difficult that may be. I think we’ve all done enough “doom scrolling” (the tendency to continue to surf or scroll through bad news) in 2020 for one lifetime. Plus, do you want to be the person who shares an article created by a cybercriminal in Moscow? Of course not. Instead, you’d probably like to expose your crazy Uncle Bob at a holiday dinner for his outlandish conspiracy theories. But if you do continue to doom scroll right into November 3rd, remember that your state and local election officials are the best sources of accurate information.
Whoever your candidate is, go vote in 2020, and be safe out there.