Government employees’ exposure to cyberattacks nearly doubled since the shutdown started at the beginning of the month, cybersecurity-focused website Dark Reading reported Friday (Oct. 24).
With major agencies in a state of limbo, workers furloughed and threat activity spiking, the government and its employees are at their most exposed ever — at least from the standpoint of cybersecurity — according to the report.
Cyberattackers have noticed, the report said, with a spate of attacks since the beginning of the month. Researchers at the Media Trust noticed an upward blip on October 1, and are now estimating that the feds can expect to be subjected to more than 555 million cyberattacks by month’s end — that would represent just over an 85% increase over an already comparatively robust September.
“These are digital political strikes through websites, apps, and targeted advertising.” What we are seeing is real engagement with employees,” Media Trust CEO Chris Olson said, noting that numerous such engagements are aimed at workers who may be struggling financially.
Dark Reading reports that Justin Miller, associate professor and adviser at the University of Tulsa Institute for Information Security, a U.S. Secret Service veteran, was well aware of the financial struggles these federal workers already face in a potential governmental shutdown:
“And the last time, I remember their saying to me: ‘We’ll give you a piece of paper. You can give this to your mortgage company. You’re a Homeland Security employee – ‘We don’t have your mortgage this month.’ And my mortgage company laughed at me. They’re like, ‘Yeah, that’s great. I can understand the work you’re doing on behalf of DHS, but your mortgage is due on the 15th and you have to pay it,” he said.
In other cybersecurity news, PYMNTS reported on how artificial intelligence (AI) is facilitating social engineering scams at a faster pace and with greater effectiveness than ever before. Warning that the wrongdoers’ tools are advancing, an analysis from Kaufman Rossin earlier this month described how fraudsters have begun vishing, a form of phishing in which voice calls rather than emails are used to swindle people.
“Vishing attacks employ social engineering techniques to gain access to sensitive information. Criminals trick people into disclosing their personal information—particularly financial information—and then use it for fraudulent activities,” the analysis read.
These techniques, PYMNTS said, blur the line between sincere communications and fraud. And “boss scams,” in which criminals pose as managers and coerce workers into purchasing gift cards, are hitting new hires. Using social media posts, attackers can build credibility and start to take advantage of human psychology before IT systems have a chance to intervene.
