Phishing attacks on state and local governments surge by 360%

Share post:

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according to recent research from Abnormal Security. These attacks pose significant risks, as they target critical infrastructure, public utilities, and sensitive data. Government systems, which often operate with limited cybersecurity resources, are especially vulnerable. Additionally, Business Email Compromise (BEC) and Vendor Email Compromise (VEC) attacks have increased by 70% and 105%, respectively. Cybercriminals exploit the trust and transparency inherent in government operations, making these entities prime targets for sophisticated email attacks.

The report also looks at why governments are such good targets for these attacks, namely:

1. Valuable Data: Governments hold sensitive information, including personal data, classified documents, and critical infrastructure details.
2. Critical Services: Disrupting operations can have wide-reaching impacts, making attacks potentially more rewarding.
3. Budget Constraints: Limited cybersecurity budgets and resources make it challenging to implement and maintain robust security measures.
4. Election Vulnerability: Elections are high-stakes events, attracting cybercriminals and nation-state actors aiming to disrupt or influence outcomes.

Another noted aspect of these attacks is how increasingly sophisticated they have become, not in technical terms, but in how well they exploit and manipulate the staff of these organizations. Most still rely on phishing as their first level of attack. But Business Email Compromise (BEC) has not only increased in volume of attacks, but increasingly relies on sophisticated social engineering as opposed to technical exploits.

In addition to the increases in volumes of attacks, by leveraging supply chain vulnerabilities, the attackers can gain wider access to targets by exploiting trusted relationships. Vendor email compromise (VEC) has doubled in frequency, exploiting the trust between governments and their vendors. In addition, account takeover attacks have increased by 43%, providing wide access to systems and networks.

NOTE: We are always cautious about providing research from vendors, but the data they shared not only appeared credible but is in keeping with our experience and the opinions of security experts we speak to regularly. No doubt this vendor has a solution that they will propose – we make no comment on that. But we do feel that this is an increasing problem in both the US and Canada and we include this story to draw attention to it. – Ed.

 

SUBSCRIBE NOW

Related articles

AWS Launches Physical Locations for High-Speed Cloud Data Uploads

Amazon Web Services (AWS) unveiled a novel service at its re:Invent 2024 conference: Data Transfer Terminal, a network...

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

OpenAI’s Text-to-Video Generator Leaked by Disgruntled Artists

A group of 16 artists has leaked OpenAI's unreleased text-to-video generator, Sora, accusing the $157 billion AI company...

Who Owns Your Social Media Accounts? Elon Musk Says YOU Don’t. Hashtag Trending for Thursday, November 28, 2024

Can AI help accelerate renewable energy projects?  Artists leak OpenAI’s New Video Tool In Protest, and Who really...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways