Q2 Quarterly Threat Landscape Scorecard: Public Sector

2 minute read

The second quarter of 2022 brought the public sector a new set of challenges, exacerbated by geopolitical tensions. Threat actors continued to exchange ideas on how to maneuver within the economic and political constraints brought about by the conflict in Ukraine
in Q2. Remaining aware of the most relevant threats to the public sector can help those in the industry to better prepare and plan before an attack or breach.

The ZeroFox Intelligence team has created a Quarterly Threat Landscape Scorecard for the public sector to address these unique challenges and threats. In this post, we’ll dive into a few of the key takeaways from this scorecard.

Download the full scorecard.

Key Takeaways

Public sector organizations faced a persistent threat from social engineering campaigns, with particularly increases in the use of fraudulent applications, fake Windows 11 upgrades, and employment-related scams to steal credentials and deploy trojans.

The threat of vulnerability exploitation grew, averaging almost 70 Common Vulnerabilities and Exposures (CVEs) disclosed per day—up from 56 per day at the end of 2021. The pace of vulnerability disclosure likely represents a new normal.

The threat to the public sector from Initial Access Brokers (IABs) continued to fall in Q2, despite the market showing signs of resurgence in other sectors. Although spyware received significant media attention in Q2 2022—in particular, long-standing targeting of high-profile public sector individuals globally—this likely represents little change in the scale of threat posed.

The threat from ransomware and digital extortion likely increased, with multiple central government and local government entities targeted. Ransomware threat actors may be struggling to elicit payments from victims, driving changes to extortion tactics.

Lastly, while the ongoing war in Ukraine continued to be the primary driver of geopolitical risk, possible EU and NATO expansion—and new sanctions on Russia—will likely trigger Russian-leaning groups to target high-profile entities.

Next Steps

Get more key insights and recommendations specific to the public sector in our Q2 Quarterly Threat Landscape Scorecard. Get your copy of the scorecard here.

See ZeroFox in action