"Nearly 50% Of Phishing Attacks in 2021 Aimed at Government Employees Were Attempted Credential Theft"
Lookout's 2022 Government Threat Report shows that mobile phishing and device vulnerability risk is rising among US government agencies. In 2021, nearly half of all phishing attacks against government personnel targeted employee credentials, up from 30 percent in 2020. Government agencies store and send various types of sensitive data, the protection of which is critical to the welfare of hundreds of millions of people. A breach of a government institution that results in the disclosure of sensitive information, the theft of credentials, or the forced disruption of activities due to ransomware can have a disproportionately large impact compared to a usual cybersecurity incident.

To accommodate a bigger remote workforce, federal, state, and local governments increased their reliance on unmanaged mobile devices by 55 percent between 2020 and 2021, signaling a shift toward a Bring Your Own Device (BYOD) model. One out of every eight government employees was exposed to phishing attacks. With over two million federal government employees alone, this constitutes a substantial potential attack surface, as a single successful phishing attempt is sufficient to infect an entire agency.

From 2020 to 2021, mobile phishing encounter rates for state and local governments on both managed and unmanaged devices increased by 48 percent and 25 percent, respectively. This steady ascent persisted through the first half of 2022. The sophistication of threat actors is increasing, with 16 percent of phishing attacks seeking to deliver malware. Nearly 50 percent of state and local government employees use outdated Android operating systems, leaving them exposed to many device vulnerabilities, but this is an improvement from 99.9 percent in 2021. This article continues to discuss key findings from Lookout's 2022 Government Threat Report.