New research from Lookout found that mobile threats affecting federal, state and local governments are on the rise. Lookout, a company that provides endpoint security services to the cloud, said that mobile phishing risks and vulnerabilities within government agencies have increased since 2021.
According to the data analyzed by the company, nearly 50% of phishing attacks targeting government employees in 2021 sought to steal credentials, up from 30% in 2020. Additionally, one in eight government employees experienced phishing threats in 2021.
Lookout argues that “with more than two million federal government employees alone, this presents a significant potential attack surface as it only takes one successful phishing attempt to infiltrate an entire agency.” The report adds, “While mobile and cloud apps have helped [agencies] remain productive while employees are working remotely, they also greatly increase the risk of successful attacks.”
The report also found that federal, state, and local governments increased their reliance on unmanaged mobile devices by an average of 55 percent from 2020 to 2021, and that more than a third of state and local government (SLG) employees used their own devices in 2021. Lookout says this indicates a move toward Bring Your Own Device (BYOD) to support a larger remote workforce.
“While this provides employees with greater flexibility, these unmanaged devices are more frequently exposed to phishing sites than managed devices,” the report says. “This is because unmanaged personal devices connect to a larger set of websites and use a larger set of applications.”
A rise in mobile phishing encounter rates was observed in both managed and unmanaged devices, increasing at rates of 48 percent and 25 percent, respectively, from 2020 to 2021. Lookout noted that the steady rise continued through the first half of 2022.
Looking specifically at the federal government, Lookout has seen a decrease in phishing exposure rates for unmanaged federal devices, indicating that agencies have increased security awareness of BYOD participants. However, phishing exposure rates for managed federal agencies increased from 2020 to 2021, and then decreased in the first half of 2022. Lookout expects holiday-focused phishing attacks in the second half of 2022 to drive up exposure rates.
Lookout also discovered that nearly 50 percent of SLG Android users are running outdated operating systems (OS), exposing them to hundreds of device vulnerabilities. While still worrying, this percentage is a huge improvement compared to the 99 percent of SLG Android users who were running an older OS in 2020.
In terms of how cyber attackers use phishing attacks, malware delivery accounts for nearly 75 percent of all mobile phishing attacks across all industries. However, when targeting federal and SLG entities, threat actors are increasingly using phishing attacks to obtain credentials. Lookout found that in 2021, nearly 50 percent of all phishing attacks sought to steal credentials.
Comparing 2021 and 2020, credential theft attacks against federal agencies increased by nearly 47 percent while malware delivery decreased by 12 percent. A similar trend was observed for SLG agencies, where credential theft attacks increased and malware gradually decreased.
Lookout says the increase in sophisticated attacks underscores the need to detect phishing and malware on mobile devices. “Cybercriminals are targeting mobile devices as an entry point to carry out more persistent and invasive attacks,” the report says. “All government agencies need mobile security that includes endpoint detection and response capabilities to proactively search for these threats, which have penetrated your environment.”