State, Local Governments Facing Deluge Of Phishing Attacks

July 11, 2024 TH Author headline,hacker,government,cybercrime,fraud,phish

Threat actors are increasingly looking to prey on employees of state and local government agencies.

This according to research from email security specialist Abnormal Security. The company’s annual attack trends report found that between May of 2023 and 2024 observed phishing attempts on government offices rose by 360%.

“While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary,” noted Abnormal Security researcher Callie Baron.

The researchers believe the eye-popping jump in attacks is largely down to the increasing popularity of business email compromise (BEC) attacks, which rose by 70% over the 12-month period.

In a BEC attack, the threat actor impersonates an outside contractor or an accounting employee (using either a stolen email account or a lookalike) and convinces the target to either issue a new payment or reroute a pending payment to an account controlled by the attacker.

“These text-based emails rely on social-engineering tactics rather than technical exploits and rarely contain clear indicators of compromise, such as malicious links or attachments. As a result, they often evade detection by conventional security measures,” explained Baron.

“This positions employees — generally considered the Achilles’ heel of any organization’s cybersecurity — as the last line of defense.”

When successful, BEC attacks can result in massive losses, sometimes extending into millions of dollars.

State and city government agencies have traditionally been popular targets for such attacks because they often work with local contractors on construction and public works projects where regular payments are made for services and expenses, leading to complacency amongst employees.

Additionally, the transparency requirements that many government agencies must adhere to means that the attackers have the advantage of knowing precisely who to target and when to strike, said Baron.

“Since government entities often have mandated transparency and disclosure requirements, details about their operations, staff, and procedures are publicly available,” the researcher explained.

“Cybercriminals can exploit this information to craft more targeted and convincing malicious emails that are more likely to deceive targets into fulfilling fraudulent requests.”

Wire fraud is not the only reason for the rise in phishing. The researchers also noted that account takeover attacks, in which the attacker looks to take over a high-level or administrator account in order to breach an enterprise, rose 43%, indicating threat actors still consider phishing to be the most reliable method of breaking into a network.

“While it can be exceptionally difficult for any organization to detect a compromised account, considering the fact that the cybersecurity resources of many government entities are limited, there is an even higher chance that a successful account takeover would go undetected,” said Baron.