Attackers are successfully
stealing the credentials of employees and using them in account takeover (ATO)
incidents more frequently, which makes business email compromise (BEC) one of
the most prevalent types of cyber fraud, according to Barracuda
Networks.
The latest Threat Spotlight looked at the motives behind ATOs and found
that while hackers have myriad objectives, many commonly use ATOs to
launch phishing campaigns.
“Some attackers try to use the hacked
email account to launch phishing campaigns that will go undetected, some
attackers steal credentials of other employees and sell them in the black
market, and others use the account to conduct reconnaissance to launch
personalized attacks,” researchers wrote.
“The most sophisticated
attackers steal the credentials of a key employee (e.g., CEO or CFO), and use
them to launch a business email compromise (BEC) attack from the real
employee's email address.”
From April to June 2018, 60
incidents occurred among the 50 randomly selected organizations. Of the 50
organizations, four to eight reported having at least one account takeover
incident. In the companies that were compromised, the accounts were
used for nefarious purposes.
A large majority (78%) of the
total incidents resulted in a phishing email where the attacker usually impersonated the
employee and requested that the recipients click on malicious links or open
infected attachments.
Analysis of the incidents
revealed that 17% were platforms for spam campaigns that appeared to come from
reputable domains, while 5% of incidents involved internal email traffic in
which the attacker asked the
recipient to download an attachment.
Over the course of the
three-month study, 50 different email accounts were compromised. Through
examining the roles of the compromised employees, some of whom were compromised
multiple times, researchers found that the total number of compromised employees
was 60, with 6% of those identified as executives and 22% reportedly in sensitive departments.