Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, released key findings about the ways cybercriminals are attacking and exploiting email accounts in Asia and around the world.
The report, titled Spear Phishing: Top Threats and Trends Vol. 4 - Insights into attacker activity in compromised email accounts, reveals a specialised economy emerging around email account takeover and takes an in-depth look at the threats organisations face and the types of defence strategies you need to have in place to stay protected.
Barracuda researchers teamed up with leading researchers at UC Berkeley to study the end-to-end lifecycle of a compromised account by taking in responses from 111 organisations across Asia-Pacific, Europe, the Middle East and Africa (EMEA) and the United States over the past year.
Examining 159 compromised accounts from these organisations, they looked at how account takeovers happen, how long attackers have access to the compromised account, and how attackers use and extract information from these accounts.
Findings: A Closer Look at Attacker Behaviour
Barracuda’s research found fresh insights into these widespread and dangerous attacks, how cybercriminals behave in compromised accounts, and how that should inform your organisation’s defence strategies.
Highlights from the report include:
· More than one-third of the hijacked accounts analysed by researchers had attackers dwelling in the account for more than one week.
· 20% of compromised accounts appear in at least one online password data breach, which suggests that cybercriminals are exploiting credential reuse across employees’ personal and organisation accounts.
· In 31% of these compromises one set of attackers focuses on compromising accounts and then sells account access to another set of cybercriminals who focus on monetising the hijacked accounts.
· 78% of attackers did not access any applications outside of email.
“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximise the ways they can exploit the account, whether that means selling the credentials or using the access themselves,” said James Forbes-May, Vice President, Barracuda, Asia-Pacific.
“Being informed about attacker behaviour will help organisations in Asia to put the proper protection in place so they can defend against these types of attacks and respond quickly if an account is compromised.”