With national elections coming up later this year, US public-sector organizations are experiencing unprecedented levels of phishing attacks designed to dupe government staff into opening weaponized links in fake emails.
According to email security firm Abnormal Security: “Between May 2023 and May 2024, public sector organizations experienced an astounding 360 percent growth in phishing attacks. While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.”
Government systems have become prime targets for organized cybercriminals as they typically hold a wealth of valuable and sensitive data, such as residents’ personal information, classified documents, banking and payment card information, and details of critical infrastructure.
“If a bad actor gains access to this information, they can sell it on the dark web, commit identity theft, or launch additional attacks…A single successful attack on a government agency can be absolutely devastating—putting public utilities, emergency services, and even individual citizens at risk,” says Abnormal.
BEC attacks cost public sector $2.9 billion in 2023
Another type of attack that is also on the rise in the public sector in the US is business email compromise (BEC), where an attacker falsifies an email message to trick the victim into performing some action, such as transferring money to an account or location the attacker controls. According to Abnormal, there has been a 70 percent increase in public sector BEC attacks over the past year, with .$2.9 billion in losses recorded in 2023 alone. These rarely contain clear indicators of compromise, such as malicious links or attachments, so they often evade detection by conventional security measures.
A variation of this type of attack is vendor email compromise (VEC). Much like traditional BEC, vendor email compromise (VEC) involves the exploitation of a trusted identity. In these attacks, however, the person being impersonated is an external third party rather than an internal employee. This is an increasingly popular strategy for bad actors targeting government agencies, as these attacks rose by 105 percent between May 2023 and May 2024.
According to Abnormal, account takeover attacks on public bodies, which have risen by 43 percent in the past year, maybe the most dangerous form of attack. Once an account has been compromised, cybercriminals can perform a variety of malicious acts, such as exfiltrating sensitive data, infiltrating connected applications, or using the account to send more attacks.
