New data from Barracuda shows attackers take their time to leverage the credential compromise and to avoid detection when taking over email accounts.
Waiting is a tactic that often gives an attacker the upper hand. Ransomware attacks are more likely to get a ransom paid because backups were already compromised by malware installed months earlier, and data breaches go undetected for months, allowing attackers to slowly (but surely) take you for everything they’re after.
But new data from security vendor Barracuda shows that attackers involved in email account takeover share a few traits that are relatively unexpected and, in some ways, novel:
- Attacks don’t occur all at once. Instead, after an account is compromised, the leveraging of that email account is spread out over a period of time
- Attackers want to look local. Phishing attacks via compromised accounts are performed from IP addresses from locations similar to that of the hacked account
- Attackers anonymise their access. It appears that attackers don’t want to leave clues in the form of IP addresses, so they connect through anonymised IPs that belong to ISPs other than the one used by the hacked account
These findings demonstrate that attackers aren’t just executing an automated attack. Instead, they appear to be really thinking about their actions and the repercussions that may impact their continued ability to launch attacks.
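As an added illustration, not drawn from the Barracuda data or this post, here is how a defender might turn those three traits into a detection rule: sign-ins that geolocate to the account owner’s usual city but arrive via a different ISP (ASN), recurring across several days. The user, IP addresses, ASN labels and baseline are all constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    ip: str
    asn: str   # ISP / autonomous-system label for the IP (constructed values below)
    city: str  # coarse geolocation of the IP (constructed values below)

# Constructed baseline per user: (usual ASN, usual city) learned from prior sign-ins.
BASELINE = {"alice": ("AS-HOMEISP", "Leeds")}

# Constructed sign-in log: the owner on her usual ISP, interleaved with three sign-ins
# spread over ten days that geolocate to the same city but arrive via two other providers.
EVENTS = [
    SignIn("alice", datetime(2024, 3, 1, 8, 5), "198.51.100.7", "AS-HOMEISP", "Leeds"),
    SignIn("alice", datetime(2024, 3, 2, 23, 40), "203.0.113.9", "AS-VPNPROV", "Leeds"),
    SignIn("alice", datetime(2024, 3, 3, 9, 1), "198.51.100.7", "AS-HOMEISP", "Leeds"),
    SignIn("alice", datetime(2024, 3, 6, 22, 15), "203.0.113.44", "AS-OTHERISP", "Leeds"),
    SignIn("alice", datetime(2024, 3, 11, 1, 3), "203.0.113.9", "AS-VPNPROV", "Leeds"),
]

def local_but_foreign_isp(events, baseline):
    """Sign-ins whose city matches the owner's usual location but whose ASN does not.
    A plain impossible-travel rule lets these through, which is why the pattern works."""
    return [e for e in events
            if e.user in baseline
            and e.city == baseline[e.user][1]
            and e.asn != baseline[e.user][0]]

def slow_takeover_candidates(events, baseline, min_days=3):
    """Users whose flagged sign-ins span at least min_days calendar days (first to last).
    Returns {user: (days_spanned, sorted list of foreign ASNs seen)}."""
    by_user = defaultdict(list)
    for e in local_but_foreign_isp(events, baseline):
        by_user[e.user].append(e)
    out = {}
    for user, hits in by_user.items():
        span = max(h.when for h in hits) - min(h.when for h in hits)
        days = span.days + 1
        if days >= min_days:
            out[user] = (days, sorted({h.asn for h in hits}))
    return out

if __name__ == "__main__":
    print(slow_takeover_candidates(EVENTS, BASELINE))
```

In production the baseline would come from the identity provider’s sign-in history and the ASN/city from a GeoIP lookup; the rule is a triage signal to combine with others, not proof of compromise on its own.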
Email Account Takeover attacks plague 1 in 7 organizations, usually via phishing as the attack vector. Organisations wanting to stop this attack in its tracks look to Security Awareness Training to teach users about these kinds of attacks and prepare them for the day they find themselves staring at what appears to be a valid email, but something’s just not right. Users not interacting with that email is the key to stopping these phishing attacks, and solid cybersecurity education is how you get them there.
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customise the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organisation compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW