May 21 2014

Government Remains the Primary Target of Cybercriminals

Attacks against government institutions surpassed those directed toward other sectors.

It should come as no surprise that government institutions are preferred targets for cybercriminals seeking to disrupt agency operations or steal valuable information.

Government databases can provide cyberthieves with troves of sensitive data, including citizens’ personal information. Technology experts often warn agencies to guard critical assets, under the assumption that their networks have or will be compromised. That assumption aligns with findings in Trend Micro’s first quarter Security Roundup, “Cybercrime Hits the Unexpected.”

According to the report, 76 percent of the targeted attacks Trend Micro monitored between January and March were against government institutions. The industrial sector accounted for 7 percent, and 5 percent were against the telecommunications industry.

As a whole, government agencies are reporting more incidents to the Department of Homeland Security than in previous years. Phishing incidents make up the bulk of reported attacks against government entities.

Every year, the U.S. Computer Emergency Readiness Team at DHS releases data on the number of security incidents reported by government entities. Federal agencies accounted for 60,753 cyber incidents reported to US-CERT in the last fiscal year, up 26 percent from 2012.

In its report, Trend Micro highlights what many organizations are experiencing: Cybercriminals are exploiting mobile apps, connected devices and point-of-sale systems used by retailers.

The number of mobile malware and high-risk apps reached two million in the first quarter of the year, according to the report. To help organizations streamline the process for vetting mobile apps, the National Institute of Standards and Technology released the first iteration of its free AppVet tool. AppVet was born out of work NIST performed for the Defense Advanced Research Projects Agency. An early version of the tool was used to vet apps before deploying them on mobile devices used by the military.

Mobile applications aren’t the only means by which cybercriminals are launching attacks. They’re also using social engineering to craft malicious email attachments and links. Computer users in the United States are among the hardest hit, according to Trend Micro.

With email, if your instincts tell you something isn’t right, you’re probably on to something. It’s better to be cautious than fall victim to what may be an engineered attack. Here are 10 tips from TechRepublic for spotting phishing emails.

To learn more, read Trend Micro’s full report.