Email account takeover and lateral phishing represent a growing threat to enterprise UK businesses. In this blog we look at recent findings into Spear Phishing and how it can be used to take over business email systems and access critical data.
How do cyber criminals exploit businesses?
Attackers follow four primary strategies to choose target recipients of lateral phishing attacks. In about one-third of email account takeover attacks, cybercriminals use additional deceptive behaviour to make their lateral phishing emails stealthier or more convincing.
A recent report from Barracuda takes an in-depth look at how compromised email accounts are being used to launch targeted lateral phishing attacks that are designed to evade many existing email protection systems, and which advanced detection techniques, security awareness training, and other strategies and solutions businesses are using to prevent attacks.
A closer look at evolving threats
Barracuda’s research uncovered fresh insights into how these popular attacks are evolving and the tactics used by cybercriminals to try to make them successful. The main findings are as follows:
- 1 in 7 businesses experienced lateral phishing attacks in a seven-month period, based on a random sample of enterprise organisations.
- More than 60 percent of organisations that were attacked experienced multiple incidents.
- About 11 percent of attacks managed to successfully compromise additional employee accounts.
- 42 percent of the lateral phishing incidents weren’t reported to the organisation’s IT or security team.
- More than 55 percent of the lateral phishing attacks targeted recipients with some personal or work relationship to the hijacked email account.
- 37 percent of lateral phishing attacks used tailored content that was enterprise-oriented or highly specific to the victim’s organisation.
“Email threats, including account takeover and lateral phishing, continue to evolve, and cybercriminals continue to find new ways to execute attacks, avoid detection, and trick users,” said Mike Flouton, vice president of email security at Barracuda. “Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cybercriminals and the critical precautions available to help defend your business.”
Find out more
Barracuda’s latest report, titled Spear Phishing: Top Threats and Trends Vol. 2 – Email Account Takeover: Defending Against Lateral Phishing, reveals new details about these growing and evolving threats, including the latest tactics used by cybercriminals and the critical precautions to help defend your business.
The report shows you:
- How compromised email accounts are being used to launch targeted lateral-phishing attacks that are designed to evade many existing email protection systems and fool internal and external recipients
- Why attacks are becoming more sophisticated, stealthy and successful and how to stop them as they become harder to detect
- Which advanced detection techniques, security awareness training and other strategies and solutions businesses are using to prevent attacks
Secure your business
While we’ve all seen the headlines of data breaches such as British Airlines and Marriott, don’t be lulled into thinking that small and medium sized business aren’t also at risk.
Email is the leading source of modern cyber-threats which makes selecting the right enterprise email security is critical to your business success – this is vital even if you’re using Microsoft Office 365 as we discuss here.
Don’t miss what Forrester Research is saying about enterprise email security – Barracuda has been named a leader in the recent Forrester Wave Enterprise Email Security report.
Request your copy of the complimentary report now to read more!