Connect with us

Hi, what are you looking for?

Cyber Security

UK government employees receive ‘billions’ of malicious emails per year – report

A new report released today reveals that UK government employees receive an average of 2,400 malicious emails per year, as cybercriminals continue to use email as their vector of choice.

The study, from Comparitech, found that the central government departments across the UK received an estimated 2.6 billion suspicious emails in total last year.

These findings were taken from Freedom of Information (FOI) requests sent to 258 public-sector and national organizations including central government departments, the National Health Service and Network Rail.

“Across just under 260 government organizations, we estimate that 764,331 government employees received a total of 2.69 billion malicious emails in 2021,” the report reads.

Comparitech notes that it defines malicious emails as containing either malware (including ransomware), phishing, or spam.

Malicious findings

An average of 0.32 percent of the malicious emails were opened by staff in 2021, meaning 8.62 million malicious emails were at least previewed. Of those opened, less than 1% (57,736) of these malicious emails resulted in staff members clicking on suspicious links.

Comparitech noted that “some” government departments responded with additional historical data, which showed that the years 2018 to 2019 saw an average increase in malicious emails of 24.5% (or around a quarter).

From 2019 to 2020, this jumped to an increase of just over 146% – more than doubling. From 2020 to 2021, the rate slowed again to just over 16%.

“It’s perhaps no surprise that the biggest increase coincides with the pandemic and most people working from home (and emails, therefore, being their predominant method of communication),” Comparitech noted in the study.

The company also noted, however, that central government departments with high volumes of malicious emails “aren’t necessarily that bigger targets for hackers or have ‘weaker’ security systems”.

“Rather, their IT systems may be doing a better job at filtering out malicious emails,” the report states.

Critical targets

NHS Digital had a total of 357 million malicious emails received by 3,996 employees, equating to 89,353 emails per employee.

Other critical infrastructure services such as railway provider Network Rail Limited received 223 million malicious emails received by a total of 44,356 employees, at a rate of 5,033 emails per employee, while tax department HM Revenue & Customs received 27.9 million malicious emails received by 67,267 employees, or 415 emails per employee.

Scattergun

Paul Bischoff, privacy advocate at Comparitech, told The Daily Swig that government employees are targeted because “they often work for critical services and systems that can’t afford to go down for long”.

“That makes some government agencies more likely to pay ransoms, especially those in healthcare where lives are on the line,” Bischoff added.

Advertisement. Scroll to continue reading.

“Governments also have a lot of employees and not all of them are trained to spot phishing emails. Attackers can target a large number of employees to increase their chances of success.

He advised: “Every government employee who uses the internet for work, has a work email address, or connects to government networks should be trained to spot and handle phishing emails. Phishing is more of an operational problem than a cyber security one.”

Source: https://portswigger.net/daily-swig/uk-government-employees-receive-billions-of-malicious-emails-per-year-report

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Business News

The days when a construction machinery dealership would simply sell a piece of equipment and then perhaps sell parts or offer a repair service...

Cyber Security

Actors linked to adversarial nations — namely China and Russia — worked across platforms to push inaccurate content, according to a report released Tuesday....

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO