CISA, FBI warn of potential DDoS attacks on 2024 elections

Two federal agencies urged voters to be prepared for distributed denial-of-service (DDoS) attacks on infrastructure used to support the 2024 election in November.

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) published a public service announcement on Wednesday preemptively outlining what a DDoS attack on election infrastructure will look like.

The agencies said DDoS attacks targeting election infrastructure “could prevent a voter from accessing websites containing information about where and how to vote, online election services like voter registration, or unofficial election results.”

CISA Senior Advisor Cait Conley said DDoS attacks are a tactic election agencies have seen in the past and “will likely see again in the future, but they will NOT affect the security or integrity of the actual election.” DDoS attacks typically overload websites with requests, knocking them offline for several minutes or hours.  

“They may cause some minor disruptions or prevent the public from receiving timely information,” she said. “It is important to talk about these potential issues now, because nefarious actors, like our foreign adversaries or cybercriminals, could use DDoS incidents to cast doubt on the election systems or processes.” 

FBI Deputy Assistant Director Cynthia Kaiser called DDoS attacks “low-level” in terms of cyberthreats and said there continues to be a prevalence of false claims by threat actors about DDoS incidents in prior U.S. and foreign elections. 

She anticipated similar incidents in the coming election that would knock out election-related websites like voter look-up tools.

CISA and the FBI reiterated that DDoS attacks have no effect on the underlying data and internal systems behind websites and the actual voting process would never be affected.   

Both agencies said they “have no reporting to suggest a DDoS attack has ever prevented an eligible voter from casting a ballot, compromised the integrity of any ballots cast, or disrupted the ability to tabulate votes or transmit election results in a timely manner.”

During the last election season in 2022, multiple Mississippi state websites were knocked offline by DDoS attacks but the election system was never compromised. The attack was eventually claimed by pro-Russian hacking groups, which have been behind hundreds of similar attacks on U.S. critical infrastructure over the last two years. 

This week, a pro-Russian group took credit for a DDoS attack on Microsoft that hampered cloud services offered by the tech giant for several hours on Tuesday. 

Experts have warned that hackers are increasingly gaining the ability to cause bigger and bigger incidents. 

Rody Quinlan, staff research engineer for Tenable, said modern DDoS attacks are more sophisticated and larger in scale, often using vast botnets of compromised IoT devices to execute assaults targeting different infrastructure simultaneously.