As the government continues efforts to adopt cloud technology and migrate valuable data, mobile devices are increasingly being used as an authentication method to gain access to the cloud. While traditional attack methods focus on vulnerabilities in legacy systems, criminals have begun targeting users’ legitimate credentials through advanced social engineering and phishing tactics utilizing SMS, phone calls, QR codes and malware-as-a-service kits.
These “modern kill chain” attacks give threat actors all the information they need to pose as government employees, access agencies’ cloud infrastructure and steal sensitive data. Most alarmingly, the timeline for these attacks has accelerated dramatically—from months to minutes. Mobile devices’ far-reaching scope makes them a significant attack vector for criminals looking to maximize efforts when compromising a network.
Over 60% of mobile devices currently run on vulnerable operating systems, and while many federal civilian and defense agencies have protections in place for traditional endpoints such as laptops and desktop servers, significantly fewer have comprehensive defenses against advanced mobile attack vectors.
Phishing and disinformation
The 2024 U.S. presidential election is near, and government employees and election officials are operating within hybrid workflows, taking advantage of bring-your-own-device (BYOD) policies. Since mobile device use has become the norm in recent years, threat actors are increasingly targeting these devices with phishing and disinformation campaigns.
Mobile devices are popular phishing targets because smaller device screens can obscure finer threat details, such as missing or changed letters in phishing site URLs. Additionally, an extensive ecosystem of mobile email, messaging, and apps on devices offers enticing opportunities for attackers to move laterally, compromise other accounts and gain new information once on the device.
Mobile threat campaigns can have various objectives in the midst of an election, including installing malware to harvest sensitive information such as voter databases or posing as campaign donation sites to steal credentials for financial gain.
However, compromised mobile devices can also be used to facilitate sophisticated disinformation campaigns. If nation-state actors or hacktivists gain access to official communication channels through phished credentials, they can send out false information about voting dates and locations or point voters to third-party websites that spread disinformation about a specific candidate or party. Similar attacks are already occurring; in January, voters in New Hampshire received a robocall from an AI-deepfaked President Biden, discouraging Democratic citizens from voting in the state’s primary election.
Regardless of a criminal’s goals, organizations must be prepared to meet the rapid nature of today’s mobile threat landscape—or risk exposing sensitive electoral information and eroding trust in the democratic process.
The aforementioned attacks are just the tip of the iceberg and are expected to accelerate leading up to November. CISA Director Jen Easterly and other top U.S. cybersecurity experts have warned about anticipated attacks from foreign cyber threats moving into the election season, and the House of Representatives’ recent 2025 National Defense Authorization Act draft includes a measure requiring the Secretary of Defense to evaluate the services available to help the DOD secure mobile devices.
Protecting government employees
Given the growing dependence on mobile devices, agency leaders, government employees and election officials must be prepared to combat these threats to safeguard sensitive information and prevent disinformation.
Many legacy endpoint solutions aren’t equipped to adequately defend mobile devices from today’s dynamic threat landscape. While traditional mobile device management (MDM) solutions are a good start, they offer limited visibility and threat coverage, especially against advanced threats like zero-day vulnerabilities, sophisticated phishing attacks and modern malware.
To truly defend devices, organizations must incorporate Mobile Threat Defense solutions into their security stacks. Mobile Threat Defense offers a holistic overview of the global threat landscape and more nuanced and customized mobile threat intelligence. This gives security teams more control over mobile vulnerabilities and allows them to be proactive in identifying threats and designing frameworks tailored to the current threat landscape. Organizations should also consider Mobile Endpoint Detection and Response (Mobile EDR) solutions, which can reconstruct kill chains, provide insights and proactively block potentially risky third-party app behaviors on both managed and unmanaged devices.
For state and local employees involved in official election activities, these protections could be the difference between blocking an advanced mobile phishing campaign against agency infrastructure and having that attack compromise private voter information or credentials within minutes.
By combining a robust mobile threat solution with a cultural shift that acknowledges the growing cyber risks posed by mobile devices, government agencies can proactively protect employee devices, defend sensitive government data and ensure the integrity of upcoming elections.
Jim Coyle is U.S. Public Sector Chief Technology Officer at Lookout.