Businesses beware: Foreign threat actor risk is up in the United States. Widespread use of A.I. and generative tools allow foreign threat actors to target individuals and firms, launder their activities, and leak U.S. intellectual property.
And, because of the impending presidential election, firms are at increased risk of cybersecurity leaks and insider threats.
According to Avril Haines, the Director of National Intelligence, threats to I.P. and security use “[a] vast multimedia influence apparatus” to “erode trust in U.S. democratic institutions [and] exacerbate sociopolitical divisions in the United States.”
Attempts to thwart U.S. democracy are already at play more broadly: This August, Republican candidate Donald Trump’s campaign experienced a serious information leak propagated by “foreign sources hostile to the United States.” Early sources claim that Iranian hackers illegally obtained documents related to his campaign and sent them to a few major U.S. news sources.
Foreign threat actors act maliciously because they have much to gain and little to lose. More recently, foreign threat actors have identified commercial firms and use “emerging technologies–particularly generative A.I. and big data analytics” to “conduct targeted campaigns,” gathering U.S. firm’s information.
Chart illustrates the number of AI mentions alongside mentions of threat actor attacks in criminal forums. Data is from the Verizon 2024 Data Breach Investigations report.
Many of these attacks are conducted internally, with threat actors posing as candidates and, later, employees. Such was the case of KnowBe4, a U.S. I.T. security firm recently infiltrated by a North Korean threat actor using a fake I.D. Microsoft has also revealed its experience with four separate foreign threat actor campaigns.
All four of these attacks on U.S. voter behavior leveraged AI generation into their images and operations. However, Microsoft’s 2024 Threat Intelligence Report claims that “more recently, many actors have pivoted back to techniques that have proven effective in the past—simple digital manipulations.”
These are far from the only instances of foreign actor manipulation attempts; according to a 2023 Insider Threat Report, more than half of the 326 entities surveyed had experienced an insider threat in the last year. Worse, 74% of organizations said they were moderately vulnerable or worse to insider threats. Unfortunately, it’s likely that, in the face of the 2024 election, that statistic is much higher.
Where Is the Terrorism Threat?
Until recently, Russia was the most substantial national security risk to U.S. businesses through foreign threat actors, with a 2023 U.S. Intelligence Community report stating that Russian agents penetrated a significant number of state election systems.
However, according to new updates regarding an Iranian hack and attempt to thwart Donald Trump’s candidacy, Iran is perhaps an even greater risk. Cuba and China remain primary threats to the democratic process as well, with Chinese cyberattacks on the rapid rise.
In fact, just this May, seven Chinese cyberattackers were charged with conspiracy to commit computer intrusions and wire fraud. Following accounts of Chinese hackers’ cyber-attack activities, the U.S. federal government determined that the individuals spent 14 years targeting businesses and politicians in the U.S.
So, while Russian and Iranian threat actors pose a significant threat to U.S. national security, Chinese hackers emerge as a similarly serious threat to U.S. businesses.
Which Firms Are at Risk?
Startups and Young Firms
In July, the Office of the Director of National Intelligence’s (ODNI) National Counterintelligence and Security Center (NCSC) issued a warning to startups and young firms about “adversaries [who] continue to exploit early state investments in U.S. startups to take their sensitive data.”
While startups are at the forefront of innovation, they face significant risks in seeking foreign investment from VC and PE firms. In many cases, malicious foreign actors investing in U.S. startups threaten national security, directly leading to the startup’s failure.
Such cases aren’t uncommon. In January, the U.S. Department of Defense (DOD) added IDG Capital, a leading Chinese VC/ private equity firm, to its list of “Chinese military companies” operating directly or indirectly in the U.S. The firm has invested in over 1,600 companies, including several in the U.S.
In another case, a U.K. firm agreed to a takeover by a Chinese investor and transferred proprietary technology to the acquirer in exchange for a portion of the company’s sale price. After sharing its intellectual property, the investor abandoned the firm and made it bankrupt.
Startups largely foster an environment characterized by trust and enthusiasm, which sometimes translates to naivety. Startups eager to find their footing can be too trusting of foreign investors and may be targeted by malicious actors.
Technology Firms
Because of their product, tech firms are at significant risk of insider threat manipulation, particularly before the November election.
Due to the high work-from-home rates in the technology industry (67%), tech firms are often infiltrated through insider threats. Tech firms also have extensive cloud networks that lend themselves well to insider threat infiltration. 53% of technology firms say detecting insider threat attacks is more challenging because of the cloud.
All U.S. Firms
Unfortunately, because these tools are so mainstream, and because of foreign adversary’s vested interest in U.S. election processes, all firms operating within the U.S. are at risk to some degree.
As the Director for the Office of National Intelligence highlighted in July, many emerging risks to firms more broadly (and to their investors) are reputational. More foreign threat actors, particularly those from Cuba and Iran, rely on reputational smear methods to influence election activities.
Hacking and smear campaigns are examples of this evolving risk. Such campaigns primarily consist of cyber-enabled information operations or ‘hack and leak” campaigns. Foreign hackers compromise a target corporation or organization’s information systems, find sensitive internal documents, and publish them. Hack and leak operations are hazardous and pose a reputational risk to U.S. firms, particularly to financial institutions and healthcare corporations.
Other foreign threat actors are spreading misrepresenting ‘proof’ of cyber incidents at certain U.S. companies, posing another reputational risk. Some have even created fake cybercriminal personas and spread false reports.
Further attempts to manipulate the democratic process and leave firms susceptible to risk include compensating influential individuals (PEP risk) and social media influence, which is more popular among the general public.
What to Look Out For?
As new information becomes available, one question is at the top of U.S. companies’ minds: What do you look for when pinpointing an insider threat? Unfortunately, many foreign threat actors are highly skilled, spending much of their lives preparing for their jobs. Detecting such threats is often impossible, especially when firms rely on outdated verification and tracking tools.
However, there are a few indicators of foreign threat actor manipulation:
- Complex Ownership: A foreign investor leveraging beneficial ownership may use shell companies and offshore locations to hide malintent. Beneficial ownership detection mitigates reputational and financial risk for firms seeking foreign investment or partnerships.
- Intermediary Investment: A foreign investor may route an investment through funds, partners, or organizations in the U.S. to avoid CFIUS registration or national security detection. Generally, the more degrees of separation, the greater the risk.
- Limited Partner Investments: Foreign bad actors may use limited partnerships to gain access to U.S. businesses’ intellectual property or finances.
Vcheck’s ID Verification Solutions: How Due Diligence Mitigates Threat Risk
Foreign actors and insider threats are challenging to detect and even more challenging to stop. Unfortunately, with the election looming ever closer, U.S. firms risk losing their IP or proprietary information to those looking to disrupt democracy.
Thorough know-your-customer and know-your-investor due diligence is critical to mitigating foreign threat risk. Unfortunately, international reputational due diligence is complex, particularly in the countries most commonly associated with foreign threat actors, like China and Iran. Luckily, Vcheck offers clients research scope in 140+ countries, with extensive international research coverage in areas like China.
Vcheck offers clients the following tools to safeguard themselves from foreign threat manipulation:
- Antiterrorism risk solutions: From an antiterrorism perspective, espionage, security, and reputational risks posed by foreign cyberthreats threaten the core of U.S. democratic processes. Firms must be safeguarded with diligent antiterrorism countermeasures against financial or reputational risk.
- Continuous Monitoring: Regularly review user accounts and activities for suspicious behavior. Continuous monitoring can help pinpoint fake identities and AI use.
- Innovative ID Verification Solutions: Vcheck’s new, instant ID verification solutions assess a user’s identity and ID quality within seconds to determine AI generation and manipulation. Our software safeguards risk through joint authentication and verification, leveraging liveliness tests and IP address trackers to protect firms.
- KYC and Know Your Investor Due Diligence: A comprehensive risk requires a comprehensive risk assessment, one that discusses reputational risks accurately and concretely. Vcheck offers clients robust international capabilities, ensuring accurate results under challenging jurisdictions.
Because of the rise of AI and other generative tools, “the barriers to entry for foreign malign influence have unfortunately become incredibly small,” according to the Office of National Intelligence. Foreign adversaries have more incentives than detriments to manipulate U.S. politics, leveraging America’s declining trust in institutions to erode our political system.
By prioritizing identity verification and staying vigilant against evolving threats, organizations can significantly bolster their defenses against foreign actors and protect their valuable assets. In the context of the upcoming Presidential election, such efforts safeguard democratic processes more broadly, preserving the health and safety of all U.S. citizens.
Contact Vcheck to learn more about how we safeguard firms from cyber-infiltration and foreign threat manipulation.
Previous