Credential Harvesting Attacks Targeting the U.S. Federal Government Nearly Double as Malware Declines

Shifts to a remote workforce in 2020 gave cybercriminals an opportunity to change tactics, focusing on credentialed access to systems accessed from outside government networks.

New data from mobile security vendor Lookout, published in its new U.S. Government Threat Report, highlights new problems arising from increased mobile use by government employees. The shift to mobile devices has implications for how security-aware employees are when accessing systems, applications, and data that may be cloud-based and not necessarily secured within a government-hardened network environment.

According to the report:

  • In 2020, 71.5% of phishing attacks were focused on credential harvesting, a 67% increase over 2019
  • In the same timeframe, only 28.5% of phishing attacks delivered malware, a decrease of 50% over 2019

The problem seems to stem from the rise in use of personal devices. According to Lookout, 91% of mobile devices used by federal employees are unmanaged, and the exposure to mobile phishing attacks on unmanaged devices is nearly 8 times greater than on managed devices! And with just under 72% of federal employees clicking on phishing links, the use of unmanaged mobile devices spells trouble for the U.S. government and any other business that uses personal mobile devices.

Employees need to be taught via Security Awareness Training to keep their cyber defenses up, remaining vigilant when interacting with email and the web by being mindful that links and attachments can be malicious in nature.
** Optrics Inc. is an Authorized KnowBe4 partner

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here’s how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

The original article can be found here:

About the Author: Shannon Lewis
