Breaking down government hacks: The rise of the modern kill chain

This year, expect to see a record number of cyberattacks on government agencies as hackers ramp up their efforts ahead of the 2024 U.S. presidential election.

Bad actors targeting the public sector are on the rise, and phishing is their favored modus operandi. According to the 2024 Verizon Data Breach Investigations Report (DBIR), phishing accounted for 66% of public sector breaches last year. Social engineering delivered through mobile devices has become a popular way into government systems. For example, the Securities and Exchange Commission’s X account hack in January resulted from a SIM swap attack. Let’s examine how attackers target mobile devices and the steps government agencies — and their private sector partners — should take to mitigate the risk.

Motivation behind the big X mark on the government’s back

The Verizon DBIR reveals that financial gain remains the primary motivation for attackers, behind 97% of breaches in North America last year. Financially motivated threat actors are now increasingly turning that attention toward government organizations. For example, threat actors tied to China stole $20 million in COVID relief benefits from the U.S. government in 2020.

Given the highly sensitive nature of data that government organizations hold, threat actors view them as the ideal target for stealthy infiltrations and ransom extortions. Crippled by a cyberattack, some state and local governments have resorted to paying bad actors millions in ransoms despite the federal government’s stance against ransomware payments.

Mobile devices are the hacker’s master key to the vault

Mobile devices are often the authentication tool used to access government cloud data, much like a key to a vault. But they are not always secure. As mobile devices blur the line between work and personal life, security gaps appear that threat actors can exploit and that organizations find hard to identify and close.

While bring-your-own-device (BYOD) strategies give government workers more flexibility and productivity, those devices are also more exposed to social engineering attacks. Lookout’s research on the Q1 mobile threat landscape found a sharp rise in social engineering and phishing attempts, as well as in attacks targeting multi-factor authentication (MFA) solutions. These attacks are designed to steal credentials and impersonate users: once an attacker holds legitimate logins, they can enter critical corporate infrastructure and exfiltrate sensitive data within minutes rather than months. Lookout describes this attack route as the modern cyber kill chain.

Defending against the modern kill chain

Unchecked mobile device security poses a serious risk to federal agencies. Government organizations must better defend the mobile-to-cloud path that this kill chain follows to keep their data secure in today’s mobile world. This starts with protecting users’ identities in order to protect organizational data. Here are steps any organization can take to strengthen its mobile security posture:

  • Implement advanced mobile security: Mobile device management (MDM) alone does not protect against evolving threats. Instead, organizations need three key capabilities for modern security: the ability to stop social engineering attacks, to detect when they’re under a coordinated cyberattack and to respond automatically.

With social engineering as a primary vector for cyberattacks, social engineering protections are paramount. This could include detecting and blocking phishing messages, blocking malicious sites and preventing or disabling third-party application installs.

Organizations should also implement strong detection and threat response capabilities. It’s one thing if a single employee receives an SMS message asking whether they logged in from Pasadena, California, but it’s a completely different story if an entire team gets a similar text message. Knowing that you’re under a coordinated attack is crucial for successful threat remediation. Just as necessary is automated threat response: when time to theft can be a matter of minutes, only automation can protect your data in time.

  • Test your defenses against modern kill chain attacks: It’s important that defenses are tested to ensure they’re actually secure. For example, having the right communication tools and following best practices for their use is key to minimizing communication risk. Best practices include employing session timeouts, redacting sensitive content from channels and using out-of-band communications in the event of a cyber incident when the primary communication is compromised. This prevents threat actors from gaining visibility into an organization’s incident response.

Also essential to safeguarding against modern kill chain attacks is implementing robust data protection and cloud security policies and tools to ensure only the right people have the right access to data, and only the right data is in the cloud.

  • Provide security education and training: Security starts with the end user. Ongoing security training — for example, regular phishing simulations run by a red team — teaches employees to recognize a phishing attempt and guard against it. This matters as social engineering attacks grow more sophisticated and remain effective because they exploit human susceptibility.
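The detection point above (one user reporting a "did you sign in from Pasadena?" text is noise, a whole team reporting it is a campaign) is the kind of correlation a SOC can automate. The following is an added example, not Lookout’s code or any product logic: it normalizes user-reported SMS messages into templates (URLs and numbers replaced with placeholders, so per-target links and codes do not split one lure into many) and raises an alert only when at least a threshold number of distinct users report the same template inside a time window. The report records, sender numbers, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of user-reported SMS messages (hypothetical data, not real telemetry).
# Each record is what a "report phishing" button or SOC intake form might capture.
REPORTS = [
    {"ts": "2024-05-06T09:02:11", "user": "alice@agency.example", "sender": "+15550100001",
     "body": "Security alert: did you sign in from Pasadena, CA? If not, verify now at https://sso-check.example/v/48213"},
    {"ts": "2024-05-06T09:05:40", "user": "bob@agency.example", "sender": "+15550100002",
     "body": "Security alert: Did you sign in from Pasadena, CA?  If not, verify now at https://sso-check.example/v/90177"},
    {"ts": "2024-05-06T09:19:03", "user": "carol@agency.example", "sender": "+15550100003",
     "body": "Security alert: did you sign in from Pasadena, CA? If not, verify now at https://sso-check.example/v/11542"},
    # A one-off lure reported by a single user: should not trigger a campaign alert.
    {"ts": "2024-05-06T10:44:29", "user": "dan@agency.example", "sender": "+15550100009",
     "body": "Your package could not be delivered. Reschedule: https://parcel-hold.example/r/5"},
    # Same Pasadena lure, but hours later: outside the correlation window.
    {"ts": "2024-05-06T12:15:00", "user": "erin@agency.example", "sender": "+15550100004",
     "body": "Security alert: did you sign in from Pasadena, CA? If not, verify now at https://sso-check.example/v/77310"},
]

URL_RE = re.compile(r"https?://\S+")
NUM_RE = re.compile(r"\d+")


def normalize(body):
    """Reduce a message to a lure template: case-fold, mask URLs and numbers, collapse whitespace.

    Attackers vary the link path, code or case per target; the template is what they reuse.
    """
    text = body.lower()
    text = URL_RE.sub("<url>", text)
    text = NUM_RE.sub("<n>", text)
    return re.sub(r"\s+", " ", text).strip()


def detect_campaigns(reports, window=timedelta(hours=1), min_users=3):
    """Return one alert per lure template reported by >= min_users distinct users within `window`.

    `window` and `min_users` are assumed tuning values, not figures from the article.
    """
    by_template = defaultdict(list)
    for r in reports:
        by_template[normalize(r["body"])].append((datetime.fromisoformat(r["ts"]), r["user"], r))

    alerts = []
    for template, items in by_template.items():
        items.sort(key=lambda x: x[0])
        best = None
        start = 0
        # Sliding window over time-ordered reports of this template.
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            users = sorted({u for _, u, _ in items[start:end + 1]})
            if len(users) >= min_users and (best is None or len(users) > best["distinct_users"]):
                best = {
                    "template": template,
                    "distinct_users": len(users),
                    "users": users,
                    "first_seen": items[start][0].isoformat(),
                    "last_seen": items[end][0].isoformat(),
                    "sample": items[start][2]["body"],
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_campaigns(REPORTS):
        print(f"CAMPAIGN: {alert['distinct_users']} users between {alert['first_seen']} and "
              f"{alert['last_seen']}: {alert['sample']}")
```

In the sample data, the three Pasadena reports within 17 minutes produce one alert, the parcel lure never reaches the threshold, and the late Pasadena report falls outside the window. The same normalize-then-correlate pattern applies to reported emails and to identity-provider logs of MFA push or SMS challenges, which is where the automated response (forcing re-authentication, blocking the lure domain) would hook in.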

Why mobile and cloud security must be a priority

This year, expect to see a record number of cyberattacks on government agencies as hackers ramp up their efforts ahead of the 2024 U.S. presidential election. This warning doesn’t only apply to the public sector. The modern kill chain affects all organizations. Today, mobile and cloud security must be a priority.

Jim Coyle is the U.S. public sector CTO at Lookout.

Copyright © 2024 Federal News Network. All rights reserved.