Threat Actors Pivot to Credential Theft in Government Mobile Phishing Attacks

Threat groups are looking for credentials in phishing attacks targeting government employees’ mobile devices, with nearly half of mobile phishing attacks targeting government credentials in 2021, compared to the previous year.

That’s according to a new report from Lookout, which looked at data specific to the federal, state and local government user base for 2021 and the first half of 2022. Data for the government is collected from telemetry data from more than 200 million devices and more than 175 million applications. The report found that mobile phishing attacks targeting credentials of federal, state and local government employees increased from 31 percent in 2020 to 46 percent in 2021, while malware vendors decreased from 79 percent in 2020 to 70 percent in 2021.

Also Read :  Governing a world of 250 million robots

“Malware delivery accounts for approximately 75 percent of all mobile phishing attacks across all industries,” said a report Wednesday by Lookout researchers. “However, when targeting federal, state and local government entities, threat actors often use phishing attacks to collect credentials rather than deliver malware.”

Overall, the researchers observed a steady increase in mobile phishing attempts for state and local governments on both managed and unmanaged devices, with activity increasing by 48 percent for managed devices and 25 percent for unmanaged devices from 2020 to 2021. Continued in the first half of 2022.

Also Read :  ‘I hurt my baby,’ capital murder jurors hear Mobile man tell police officer

Phishing attacks targeting the public sector can have a number of malicious purposes. In March, the FBI warned that U.S. Elections and other state and local government officials in at least nine states had received phishing emails for invoices sent in some cases from compromised legitimate email addresses. Emails spotted in October 2021 shared similar attachments and were sent so soon that the FBI suggested the emails were a “coordinated effort” to target election officials. Phishing emails lead recipients to a website designed to steal login credentials.

Also Read :  Democratic candidates get "vile" calls after personal cell phone numbers put on opponents' mailings

“There is a lucrative underground market for stolen credentials/stolen information on the dark web,” said Steve Banda, senior manager of security solutions at Lookout. “We don’t expect this to slow down any time soon. Cybercriminals are financially motivated to steal and sell credentials on these forums. These data are ultimately used by attackers to gain deeper access to government systems. Once authenticated, they can move around the environment, often undetected, and can be used in malicious ways. will leak confidential information.”


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button