Cyberattacks Targeting State and Local Governments Are Increasing
Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.
The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.”
Here are the key takeaways from the research:
- Business Email Compromise (BEC) and Vendor Email Compromise (VEC): These attacks are particularly common. BEC involves impersonating a legitimate business email account to deceive recipients, while VEC focuses on compromising vendor emails to initiate fraudulent transactions. The research revealed that BEC attacks on public sector organizations increased by 70% year over year, while VEC attacks jumped 105%.
- Account Takeover Attacks: Phishing remains a highly effective method for compromising email accounts, so the increase in phishing incidents has given cybercriminals more opportunities to steal credentials. With phishing attacks targeting public sector organizations surging over the past year, it’s not surprising that there has been a 43% rise in account takeover incidents.
The use of AI in crafting more convincing phishing emails has surged in recent months. The polished and authentic appearance of AI-generated emails makes them harder to detect and lets them bypass traditional security measures. In addition, a staggering 74% of data breaches involve human error, highlighting the vulnerability of employees in the cybersecurity chain. This includes mistakes such as clicking on malicious links, misconfiguring privileges, and using weak passwords.
State and local governments must invest in robust security awareness training to combat these sophisticated email threats. Educating employees on identifying suspicious emails and understanding the latest social engineering tactics can significantly reduce the risk of successful attacks. Additionally, implementing advanced security technologies can help detect and prevent malicious emails before they reach employees, providing a vital layer of defense.
Information used in this article was provided by our partners at KnowBe4.