Threat Actors Pivot to Credential Theft in Government Mobile Phishing Attacks

Threat groups are increasingly hunting for credentials in their phishing attacks targeting the mobile devices of government officials, with nearly half of mobile phishing attacks in 2021 aimed at stealing government credentials, an increase from the previous year.

That’s according to a new report from Lookout, which examined data from 2021 to the first half of 2022 specific to its federal, state and local government user base. The government-specific data is collected from telemetry data from more than 200 million devices and more than 175 million apps. The report found that mobile phishing attacks targeting the credentials of federal, state and local government employees increased from 31 percent in 2020 to 46 percent in 2021, while those delivering malware decreased slightly from 79 percent in 2020 to 70 percent in 2021.

Also Read :  Facebook in Race Against Time to Turn ‘Metaverse’ Into Success

“Malware delivery continues to represent approximately 75 percent of all mobile phishing attacks across all industries,” according to Lookout researchers in Wednesday’s report. “But when you target federal, state and local government entities, threat actors are increasingly using phishing attacks to collect credentials rather than deliver malware.”

Overall, the researchers saw a steady increase in mobile phishing attempts for state and local governments across both managed and unmanaged devices, with attempts increasing by 48 percent for managed devices and 25 percent for unmanaged devices from 2020 to 2021. more through the first half of 2022.

Also Read :  Russia rejects $60-a-barrel cap on its oil, warns of cutoffs – KIRO 7 News Seattle

Phishing attacks targeting the government sector can have a number of malicious purposes. In March, the FBI warned that U.S. elections and other state and local government officials in at least nine states had received phishing emails with invoices sent in some cases from compromised legitimate email addresses. The emails observed in October 2021 shared similar attachments and were sent close in time, which the FBI said suggested a “concerted effort” to target election officials. The phishing emails directed the recipients to a website to steal their login credentials.

Also Read :  Home Internet Cheat Sheet: Your Guide to Broadband Basics and Beyond

“There is a lucrative underground market on the dark web for stolen credentials/stolen information,” said Steve Banda, senior manager of security solutions with Lookout. “We don’t expect this to slow down anytime soon. Cybercriminals are financially motivated to steal and sell credentials in these forums. This data is ultimately used by attackers to gain deeper access to government systems. Once authenticated, they can laterally within move. an environment often undetected, exfiltrating sensitive information that can be used in harmful ways.”


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button