Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according to recent research from Abnormal Security. These attacks pose significant risks, as they target critical infrastructure, public utilities, and sensitive data. Government systems, which often operate with limited cybersecurity resources, are especially vulnerable. Additionally, Business Email Compromise (BEC) and Vendor Email Compromise (VEC) attacks have increased by 70% and 105%, respectively. Cybercriminals exploit the trust and transparency inherent in government operations, making these entities prime targets for sophisticated email attacks.
The report also looks at why governments are such good targets for these attacks, namely:
1. Valuable Data: Governments hold sensitive information, including personal data, classified documents, and critical infrastructure details.
2. Critical Services: Disrupting operations can have wide-reaching impacts, making attacks potentially more rewarding.
3. Budget Constraints: Limited cybersecurity budgets and resources make it challenging to implement and maintain robust security measures.
4. Election Vulnerability: Elections are high-stakes events, attracting cybercriminals and nation-state actors aiming to disrupt or influence outcomes.
Another noted aspect of these attacks is how increasingly sophisticated they have become, not in technical terms, but in how well they exploit and manipulate the staff of these organizations. Most still rely on phishing as their first level of attack. But Business Email Compromise (BEC) has not only increased in volume of attacks, but increasingly relies on sophisticated social engineering as opposed to technical exploits.
In addition to the increases in volumes of attacks, by leveraging supply chain vulnerabilities, the attackers can gain wider access to targets by exploiting trusted relationships. Vendor email compromise (VEC) has doubled in frequency, exploiting the trust between governments and their vendors. In addition, account takeover attacks have increased by 43%, providing wide access to systems and networks.
NOTE: We are always cautious about providing research from vendors, but the data they shared not only appeared credible but is in keeping with our experience and the opinions of security experts we speak to regularly. No doubt this vendor has a solution that they will propose – we make no comment on that. But we do feel that this is an increasing problem in both the US and Canada and we include this story to draw attention to it. – Ed.