Threat groups are increasingly looking for credentials in their phishing attacks targeting government employees’ mobile devices, and nearly half of mobile phishing attacks in 2021 were aimed at stealing government credentials, an increase from the previous year.
That’s according to a new report by Lookout, which reviewed data from 2021 and the first half of 2022 specific to its federal, state and local government user base. The government-specific data is collected from telemetry data of more than 200 million devices and more than 175 million apps. The report found that mobile phishing attacks targeting the credentials of federal, state and local government staff increased from 31 percent in 2020 to 46 percent in 2021, while those delivering malware decreased slightly from 79 percent in 2020 to 70 percent in 2021.
“Malware delivery continues to account for approximately 75 percent of all mobile phishing attacks across all industries,” according to Lookout researchers in a report Wednesday. “However, when targeting federal, state and local government entities, threat actors are increasingly using phishing attacks to remove credentials rather than deliver malware.”
Overall, researchers saw a steady increase in mobile phishing attempts for state and local governments across both managed and unmanaged devices, with attempts increasing 48 percent for managed devices and 25 percent for unmanaged devices from 2020 to 2021. Researchers gave Lookout noted that this climb has occurred. continue through the first half of 2022.
Phishing attacks targeting the government sector can have a range of malicious objectives. In March, the FBI warned that US election officials and other state and local government officials in at least nine states received invoice-themed phishing emails, in some cases sent from legitimate compromised email addresses. The emails, observed in October 2021, shared similar attachments and were sent close in time, which the FBI said suggested a “concerted effort” to target election officials. The phishing emails led recipients to a website designed to steal their login credentials.
“There is a lucrative underground market in the dark web for stolen credentials/stolen information,” said Steve Banda, senior manager for security solutions at Lookout. “We don’t expect this to slow down anytime soon. Cybercriminals are financially motivated to steal and sell credentials in these forums. Attackers ultimately use this data to gain deeper access to government systems. authenticated, they can move laterally within an often undetected environment, which separates sensitive information that can be used in unfavorable ways.”
