Search
Close this search box.

Mobile Phishing Assaults in the Energy Sector Spike by 161%

Share:

Mobile phishing attacks targeting energy industry employees have increased by 161 percent compared to last year’s (H2 2020) data, and the trend shows no indications of subsiding. 

Although the risks of outdated and unprotected equipment affect all industries, according to a new analysis by cybersecurity firm Lookout, energy is the most targeted, followed by banking, pharma, government, and manufacturing. 

Asia-Pacific is the most geographically targeted region, followed by Europe and then North America. However, phishing assaults targeting the global energy industry are on the rise all around the world.

Mobile phishing also escalated in the first half of 2021, with approximately 20% of all employees in the energy sector targeted in mobile phishing attempts, marking a 161% rise over the previous six months. 

Impact of COVID-19 

With so many constrained to remote working due to COVID-19, using VPNs to access corporate networks has increased in popularity. 

Unfortunately, external access to a corporate network makes it an appealing target for threat actors who use phishing to gain VPN or domain credentials. 

Threat actors steal credentials in 67 percent of all phishing incidents examined by Lookout researchers. The attackers can use email, SMS, phishing applications, and login pages at counterfeit corporate websites to carry out these attacks. 

These credentials allow them to gain access to internal networks, which they can then exploit for further lateral movement and pivoting points. 

From there, they can identify susceptible systems and begin attacks against industrial control systems, which carry undetected defects that have been present for years.

Malware Isn’t the Only Concern; Beware of Riskware 

Apps that ask for dangerous permissions and access sensitive data on the device are now a bigger concern than “pure” malware because they are significantly easier to get past app store testing. 

Many of these apps link to obscure servers and send data that is unrelated to their basic functioning but poses a significant risk to the user and their employing enterprise. 

Spyware, keyloggers, trojans, and even ransomware droppers continue to be an issue, but they are more likely to be used in highly targeted attacks, therefore their distribution numbers are much lower

How Can You Defend Against Phishing Attempts?

Employee training is crucial in reducing security gaps, as the human component continues to be the greatest risk for installing riskware and clicking/tapping on suspicious links.  

According to Lookout, a single session of anti-phishing training resulted in 50% fewer clicks on phishing URLs over the next 12 months. We offer in-house training courses for your employees to educate them on phishing avoidance, social engineering, and best practices in cyber security. 

We summarise the most frequent ways of attack, present sample phishing emails, provide instances of the different types of cyber-attacks that your company may encounter, and provide tools and tactics to help prevent those attacks. 

Picture of Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions
Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →