This year, expect to see a record number of cyberattacks on government agencies as hackers ramp up their efforts ahead of the 2024 U.S. presidential election.
Bad actors targeting the public sector are on the rise, and they're favoring phishing attacks as the modus operandi. According to the 2024 Verizon Data Breach Investigations Report (DBIR), phishing accounted for 66% of public sector breaches last year. Cyberattacks that target mobile devices for social engineering have become popular among attackers trying to invade government systems. For example, the Securities and Exchange Commission's X account hack in January resulted from a SIM swap attack. Let's examine how attackers target mobile devices and the steps government agencies -- and their private sector partners -- should take to mitigate the risk.
The Verizon DBIR reveals that stealing money is a primary motivation for attackers, accounting for 97% in North America last year. But there's now a greater shift for financially motivated threat actors to target government organizations. For example, threat actors tied to China stole $20 million in COVID relief benefits from the U.S. government in 2020.
Given the highly sensitive nature of data that government organizations hold, threat actors view them as the ideal target for stealthy infiltrations and ransom extortions. Crippled by a cyberattack, some state and local governments have resorted to paying bad actors millions in ransoms despite the federal government's stance against ransomware payments.
Mobile devices are the authentication tool used to access government's cloud data, much like a key to a vault. However, they're not always secure. With mobile devices blurring the line between work and personal life, security gaps have appeared that threat actors may exploit and are difficult for organizations to identify and close.
While bring-your-own-device (BYOD) strategies provide government workers with increased flexibility and productivity, they are also more vulnerable to social engineering attacks. Research from Lookout that examined the Q1 mobile threat landscape saw a massive jump in social engineering and phishing attempts, and attacks targeting multi-factor authentication (MFA) solutions. These attacks are designed to steal credentials and impersonate users because once the attacker gets their hands on those legitimate logins, they can quickly enter critical corporate infrastructure and exfiltrate sensitive data within minutes rather than months. This attack route is what Lookout describes as the modern cyber kill chain.
Unchecked mobile device security poses a serious risk to federal agencies. Government organizations must better safeguard the mobile-to-cloud kill chain to ensure their data is secure in today's mobile world. This starts with protecting users' identities to protect organizational data. Here are steps any organization can take to strengthen its mobile security posture:
With social engineering as a primary vector for cyberattacks, social engineering protections are paramount. This could include detecting and blocking phishing messages, blocking malicious sites and preventing or disabling third-party application installs.
Organizations should also implement strong detection and threat response capabilities. It's one thing if a single employee receives an SMS message asking if they logged in from Pasadena, California, but it's a completely different story if an entire team gets a similar text message. Understanding you're under a coordinated attack is crucial information organizations must know for successful threat remediation. Just as necessary is automated threat response. Only automation can protect your data in time when the time to theft can be just minutes.
Also essential to safeguarding against modern kill chain attacks is implementing robust data protection and cloud security policies and tools to ensure only the right people have the right access to data, and only the right data is in the cloud.
This year, expect to see a record number of cyberattacks on government agencies as hackers ramp up their efforts ahead of the 2024 U.S. presidential election. This warning doesn't only apply to the public sector. The modern kill chain impacts all organizations. In modern day, mobile and cloud security must be a priority.
Jim Coyle is the U.S. public sector CTO at Lookout.