I downloaded the ISO from https://www.ubuntu.com/download, selecting the default "Ubuntu Desktop" option.
The website links the page https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu which gives instructions how to verify ubuntu.
This seems pretty tedious, and I am wondering how realistic it is that there is a problem with ISO downloaded from the official website. I note that the process of verification itself requires me to download software that is new to me, thus introducing another attack vector on me even as I am closing another one.
For what it's worth, I am planning to use Live USB only and not to fully install Ubuntu. Does that make a difference?