Barracuda Networks exposes cyber criminals’ use of e-mail account takeovers

Barracuda Networks, the dedicated provider of cloud-enabled security solutions, has released a new report containing key findings about the evolving e-mail threat environment. The latest report, entitled ‘Spear Phishing: Top Threats and Trends Volume 2 – e-mail Account Takeover: Defending Against Lateral Phishing’ reveals new details about growing threats, including the latest tactics used by cyber criminals and the critical precautions needed to help defend businesses.

The report takes an in-depth look at how compromised e-mail accounts are being used to launch targeted lateral phishing attacks designed to evade many existing e-mail protection systems. It also evaluates advanced detection techniques, security awareness training and other strategies and solutions businesses are using to prevent attacks.

Barracuda’s research has uncovered fresh insights into how these popular attacks are evolving and the tactics used by cyber criminals to try to make them successful.

One-in-seven businesses experienced lateral phishing attacks in a seven-month period, based on a random sample of enterprise organisations. More than 60% of those organisations that were attacked experienced multiple incidents.

Around 11% of attacks managed to successfully compromise additional employee accounts. 42% of the lateral phishing incidents were not reported to the organisation’s IT or security team.

More than 55% of the lateral phishing attacks targeted recipients with some personal or work relationship to the hijacked e-mail account, while 37% of such attacks used tailored content that was enterprise-oriented or highly specific to the victim’s organisation.

“e-mail threats, including account takeover and lateral phishing, continue to evolve nd cyber criminals continue to find new ways to execute attacks, avoid detection and trick users,” explained Mike Flouton, vice-president of e-mail security at Barracuda Networks. “Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cyber criminals and the critical precautions available to help defend your business.”

*Download the full report:
**Read Barracuda Networks’ blog post:

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts