Historical trends over the past decade prove that when global conflicts arise, it’s inevitable that we’ll begin to see widespread cyberattacks shortly thereafter. This has been the case during the recent happenings between Russia and Ukraine, and Israel and Gaza. At the beginning of each crisis, we witnessed an immediate uptick in cyberattacks worldwide, including DDoS, API and DNS attacks.
Following the Iranian missile strike in April, we have already seen an increase in attacks and can expect it to be sustained, especially leading up to major upcoming events like the 2024 United States presidential election, the Olympic Games and the international soccer cup tournaments.
Everyone must be on high alert for the increasing threat of cyber warfare, and time is of the essence to establish preventative measures.
The spillover effect of geopolitical events
Geopolitical events spur cyberattacks because attackers want to sow chaos to gain an advantage over their adversaries. Attackers gather intelligence and disrupt everything from critical infrastructure to politics and the economy. Monitoring the correlations between events like the Iranian missile strike and related attack traffic can help predict potential future attacks around similar events.
In the case of Iran, one cyber mitigation provider reported seeing approximately 2,130 DDoS attacks between April 12 and 13, around the time of the strike. In the days before, there was also an uptick in DDoS attacks, with the provider recording 1,494 attacks. This attack rate represented an astounding 589 percent increase from the April 2024 daily average for that provider.
In the aftermath of the strike, hacktivist groups also targeted key industries such as finance, government, utilities and education. Similarly, there was an uptick in DDoS threats from hacktivist groups against Jordanian organizations in response to their action in intercepting some of the Iranian missiles with unmanned aerial vehicles (UAVs).
Attacks stemming from geopolitical motives can also impact enterprises by disrupting services or compromising sensitive data. The higher risk of attacks and their potential repercussions reinforce the need to establish robust security defenses.
Critical threats to watch out for
Considering this year’s election, it’s more likely that we’ll witness increased cybersecurity threats that will impact businesses, critical infrastructure and the individuals involved. These events ratchet up the intensity of politically motivated attacks, as nation-state actors often target event-specific infrastructure, such as election websites and systems, and take advantage of individuals’ increased data consumption, for example by tampering with online election content and political party platforms. The same holds true for major sporting events that will take place, such as the Olympics.
The maturity of generative AI and its involvement in carrying out attacks are making attackers more effective, so defenses must take this into account. AI-generated deepfakes threaten election administration and security by impersonating candidates or other prominent figures. AI can also be used in phishing or smishing attacks to make them appear more legitimate and entice potential victims interested in political commentary or a particular sport.
Fraudulent bots will play a major role across social media as well. During the 2016 and 2020 elections, bots were used to echo messages and misinformation from political parties to increase voter outrage toward their candidates’ opponents. Bot controllers create accounts and steal more benign posts from real users to increase their reach. These accounts then interact with political posts to trick social media algorithms into thinking that the political posts are more popular than they actually are. Thanks to AI, bot activity will surely be repeated this election, only on a larger scale, as AI can better diversify content and make bots appear like real users.
While it’s essential for organizations to be on high alert for potential threats ahead of this year’s major events, planning must start now. History has proven that any business, even those minimally involved in the event, can become a target.
Don’t wait until a major event happens to put defenses in place
Effective defenses against any attack are wholly dependent on preparation. Reactive measures will always cause delays in implementing protections and, in turn, getting those protections right. Having preparations in place will limit exposure considerably.
Threats like DDoS and attacks against APIs and DNS are a severe risk to business continuity. Organizations should continuously assess their attack surface and ensure they have protections or services in place against these types of attacks. There should also be continuous inspection of configuration, automation, integration and testing of response processes — even if there’s no indication of an imminent attack. Organizations should also increase their layered protections for ransomware, malware and other intrusion attacks, including implementation of zero trust frameworks, intelligent proxies and endpoint detection and response.
Adopting a proactive mindset
Everyone must be prepared for the inevitable attack before it happens. Global conflicts, social upheaval and major events heighten the opportunity for attacks, and enterprises and government entities alike need to be ready to detect, identify and block attacks as they happen.
The key is to think proactively to withstand whatever comes your way with minimal exposure. Businesses, critical infrastructure and governmental bodies should be taking the time to either put solutions in place or assess their current tech stack to prepare defenses before the upcoming periods of increased threats, like the U.S. election, the Olympics and the international soccer cup tournaments. Acknowledging the evolving threat landscape and taking action to improve defenses will drastically help organizations mitigate risks and safeguard their integrity.