itb-nz logo
Story image

Spear phishing techniques evolving to execute lateral attacks – Barracuda

22 Aug 2019

Cloud-enabled security solutions provider Barracuda has released a new report with key findings about the evolving email threat environment.

The latest report, titled: Spear Phishing: Top Threats and Trends Vol. 2 - Email Account Takeover: Defending Against Lateral Phishing, reveals new details about these growing and evolving threats, including the latest tactics used by cybercriminals and the critical precautions to help defend businesses.

The report takes a look at how compromised email accounts are being used to launch targeted lateral phishing attacks that are designed to evade many existing email protection systems, and which advanced detection techniques, security awareness training, and other strategies and solutions businesses are using to prevent attacks.

A closer look at evolving threats

Barracuda’s research uncovered fresh insights into how these popular attacks are evolving and the tactics used by cybercriminals to try to make them successful.

  • 1 in 7 businesses experienced lateral phishing attacks in a seven-month period, based on a random sample of enterprise organisations.
     
  • More than 60% of organisations that were attacked experienced multiple incidents.
     
  • About 11% of attacks managed to successfully compromise additional employee accounts.
  •  
  • 42% of the lateral phishing incidents weren’t reported to the organisation’s IT or security team.
     
  • More than 55% of the lateral phishing attacks targeted recipients with some personal or work relationship to the hijacked email account.
     
  • 37% of lateral phishing attacks used tailored content that was enterprise-oriented or highly specific to the victim’s organisation.

“Email threats, including account takeover and lateral phishing, continue to evolve, and cybercriminals continue to find new ways to execute attacks, avoid detection, and trick users,” says Barracuda Networks email security vice president Mike Flouton.

“Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cybercriminals and the critical precautions available to help defend your business.”

Last month, Barracuda released a study on 2019 email security trends which found that while most IT professionals are more confident about their email security systems than they were a year ago, email attacks continue to have a significant impact on businesses.

Based on the success and proliferation of email-based attacks, IT security professionals will need to stay focused on the evolution and escalation of phishing, ransomware, and other threats and improve email security that goes beyond the traditional gateway.

Story image
How to use Employer of Record services to onboard staff around the world
The marketing solution, natively built within Microsoft Dynamics, helps solve the challenge presented by the bewildering array of complex and expensive marketing tools available to today’s marketing professionals by offering a single unified marketing, analytics and services platform.More
Story image
Gartner details the five 'digital competencies' CFOs must wield in 2021
Advancing the emerging technologies of robotic process automation (RPA), advanced AI and more hinge on achieving these competencies, Gartner says.More
Story image
Hands-on review: MacBook Air with M1 chip (how did we ever live without it?)
I expected the M1-powered MacBook Air to be better than the Intel one, but I did not expect to notice it this much. More
Story image
Top 25 global tech companies hit $11.1 trillion in market cap in Q3 2020
$1.3 trillion was added to the top 25 global technology companies’ cumulative market capitalisation in Q3 2020 alone.More
Story image
Increasing profit margins for your online business through better cost management
Organisations can scale operations and increase profitability with discipline and planning, to minimise or avoid disrupting their traditional business, writes Pitney Bowes head of shipping for A/NZ Ben Seal.More
Story image
Why remote IT operations teams need a virtualised network operations centre
The lack of tools available for remote IT operations teams means that they are left to view multiple IT monitoring tools on different systems. This means they no longer have a central location for viewing information, making information more difficult to track.More