Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.
The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.”
Threat actors often use phishing to gain a foothold within an organization before launching follow-on attacks.
“Typically, phishing is just the first phase in various criminal schemes, functioning more as a means to secure initial access rather than the primary objective,” the researchers write. “A successful credential phishing attack allows threat actors to obtain usernames and passwords that they can use to compromise additional accounts and initiate more costly campaigns. Phishing emails can also be a mechanism for deploying malware, which enables attackers to disrupt operations, execute espionage, or steal or ransom data. Governments in particular are often seen as high-value targets for ransomware due to their critical operations and potential willingness to pay ransoms to restore services quickly.”
Abnormal Security also found that business email compromise (BEC) attacks in the public sector have risen by 70% over the past year. These attacks often bypass technical security measures because they rely solely on social engineering rather than trying to deliver a malicious link or file.
“A successful BEC attack requires a bad actor to convince the target that 1) they are the person they claim to be and 2) their request is legitimate,” the researchers explain. “Since government entities often have mandated transparency and disclosure requirements, details about their operations, staff, and procedures are publicly available. Cybercriminals can exploit this information to craft more targeted and convincing malicious emails that are more likely to deceive targets into fulfilling fraudulent requests.”
Abnormal Security has the story.