Experts have warned about a new and growing type of account takeover attack, which successfully evades many existing protection systems.
Barracuda’s researchers are calling it “lateral phishing”, and say that one in seven organisations have been victims of this type of attack over the past seven months. The contents of the email are usually enterprise-oriented, or highly specific to the victim’s organisation.
Almost two thirds (60 per cent) of the attacked organisations were targeted multiple times, while 11 per cent managed to successfully compromise additional employee accounts.
The report also stated that almost all attacks (98 per cent) happened during the weekend, while just under half (42 per cent) weren’t even reported to the organisation’s IT or security team.
More than half of the attacks (55 per cent) targeted people with either a personal or professional relationship to the email account.
“Email threats, including account takeover and lateral phishing, continue to evolve, and cybercriminals continue to find new ways to execute attacks, avoid detection, and trick users,” said Mike Flouton, vice president of email security at Barracuda Networks.
“Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cybercriminals and the critical precautions available to help defend your business.”