Phishing Surge Targets Governments, Brazil Hardest Hit
Phishing campaigns targeting government domains have escalated, with cybercriminals exploiting vulnerabilities for malicious activities. Over 20 countries have been affected, with Brazil leading the list. The USA accounts for 9% of abused domains. Malware such as Agent Tesla Keylogger and StormKitty has been found using compromised government email addresses as command-and-control servers.
Cybercriminals are exploiting government website vulnerabilities, with nearly 60% of abused .gov domains containing 'noSuchEntryRedirect' in their URL paths. This suggests a link to a Liferay digital platform vulnerability (CVE-2024-25608). Open redirects are a common tactic used to bypass secure email gateways (SEGs), because the link the gateway inspects points to a trusted government domain rather than to the final phishing page.
Government agencies must implement stricter validation processes to prevent open redirects. Regular software updates and patches are crucial to protect against threats. Organizations must also be aware of the risks associated with phishing campaigns and provide adequate training to mitigate these risks.
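As an added illustration (not part of the original report), the following Python check flags links whose 'noSuchEntryRedirect' value would send the browser to a different host; the same host comparison is the kind of validation a server can apply before issuing a redirect. Treating the string as part of a query parameter name is an assumption, and the hosts and sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# String reported on the page; matching it inside a query parameter name is an assumption.
MARKER = "nosuchentryredirect"

def redirect_targets(url):
    """Decoded values of every query parameter whose name contains MARKER."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [value for name, value in pairs if MARKER in name.lower()]

def is_offsite(url, target):
    """True if following `target` would leave the host that serves `url`."""
    origin = (urlsplit(url).hostname or "").lower()
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    parts = urlsplit(target.strip().replace("\\", "/"))
    if parts.scheme:
        # Absolute target: only http(s) to the same host is acceptable.
        if parts.scheme.lower() not in ("http", "https"):
            return True
        return (parts.hostname or "").lower() != origin
    if parts.netloc:
        # Scheme-relative target ("//host/path").
        return (parts.hostname or "").lower() != origin
    return False  # plain relative path stays on the same host

def flag_url(url):
    """Off-site redirect targets carried by `url` (empty list means nothing to flag)."""
    return [t for t in redirect_targets(url) if is_offsite(url, t)]

# Constructed sample links; hosts use reserved example names.
BASE = "https://agency.gov.example/web/guest/page?_p_noSuchEntryRedirect="
SAMPLES = [
    BASE + "https%3A%2F%2Fphish.example.net%2Flogin",   # absolute, other host
    BASE + "%2F%5Cphish.example.net%2Flogin",           # "/\host" variant
    BASE + "%2Fweb%2Fguest%2Fhome",                     # relative, same site
    BASE + "https%3A%2F%2Fagency.gov.example%2Fhome",   # absolute, same host
    "https://agency.gov.example/web/guest/page?id=7",   # no redirect parameter
]

if __name__ == "__main__":
    for link in SAMPLES:
        print("FLAG" if flag_url(link) else "ok  ", link)
```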
Between November 2022 and November 2024, government agencies related to critical infrastructure and public services were the most frequent targets. Notable targets included governments of countries involved in ongoing conflicts, such as Ukraine, and Western intelligence-related agencies.
Cybercriminals are increasingly targeting government domains for phishing campaigns and malware distribution. Stricter validation processes, regular software updates, and increased awareness are necessary to mitigate these risks. Government agencies must take proactive measures to protect their domains and the public from these threats.