Threat groups are increasingly seeking credentials in their phishing attacks targeting the mobile phones of government employees, with nearly half of phishing attacks in 2021 aimed at stealing government data, up from last year.
That’s according to a new Lookout report, which reviewed data from 2021 and the first half of 2022 specific to its federal, state, and local government user base. The government-specific data is drawn from the telemetry of more than 200 million devices and more than 175 million applications. The report found that phishing attacks targeting federal, state and local government employees increased from 31 percent in 2020 to 46 percent in 2021, while those delivering malware fell slightly from 79 percent in 2020 to 70 percent in 2021.
“Malware delivery continues to represent approximately 75 percent of all phishing attacks across all industries,” according to Lookout researchers in a report Wednesday. “However, when it comes to federal, state, and local governments, threat actors are increasingly using phishing attacks to obtain credentials rather than deliver malware.”
Overall, the researchers saw a continued increase in mobile phishing attempts against state and local governments across managed and unmanaged devices, with attempts increasing 48 percent on managed devices and 25 percent on unmanaged devices from 2020 to 2021. Lookout researchers noted that this increase has continued in the first half of 2022.
Phishing attacks targeting the public sector can serve a variety of malicious purposes. In March, the FBI warned that US election officials and other state and local government officials in at least nine states had received phishing emails, in some cases sent from legitimate email addresses. The emails, which were noticed in October 2021, shared similar attachments and were sent around the same time, the FBI said, suggesting a “concerted effort” to target election officials. The phishing emails led recipients to a website designed to steal their login information.
“There is a very lucrative underground market in the dark space for stolen information,” said Steve Banda, senior manager of security solutions at Lookout. “We don’t expect this to slow down anytime soon. Cybercriminals are financially motivated to steal and sell credentials on these platforms. This data is ultimately used by attackers to gain deep access to government systems. Once authenticated, they can travel widely across the environment, often without detection, releasing sensitive information that can be used in malicious ways.”