Help Net Security - Daily information security news with a focus on enterprise security.
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 16, 2019

Researchers reveal the latest lateral phishing tactics

Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves.

Lateral phishing tactics

Researchers from Barracuda, UC Berkeley and UC San Diego have studied 180 lateral phishing incidents and have identified the following patterns organizations and individuals should be aware of:

  • One in 10 of the lateral phishing attacks succeed
  • 42% don’t get reported to the organization’s IT or security team
  • 98% of the lateral phishing incidents occurred during a weekday

You would think that most lateral phishing would take the form of refined and highly personalized messages, but in most cases that’s not true.

“Across the incidents studied, our researchers found that the majority of lateral phishing attacks rely on two deceptive narratives: messages that falsely alert the user of a problem with their email account, and messages that provide a link to a fake ‘shared’ document,” Barracuda said in a recently released report.

These types of commonplace messages represent 63 percent of the lateral phishing emails. In 30 percent of the cases, the language used was adapted to target enterprise organizations (e.g., “Updated work schedule. please distribute to your teams”).

“In the most sophisticated approach, 7 percent of the attacks involved highly targeted content that was specific to the hijacked account’s organization. For example, in one email account takeover incident, the attacker compromised an account at an organization that was about to celebrate its 25th anniversary. Using the hijacked account, the attacker sent dozens of spear-phishing emails to fellow employees advertising a 25th year anniversary celebration event,” the company shared.

Most often (in 45% of cases), the attackers tried to compromise random accounts rather than going after victims with some tie to the hijacked account (the latter were targeted in just 29 percent of attacks). Also, this batch of studied incidents apparently didn’t involve BEC scammers, as the attackers used the hijacked account to send emails to business partners of the hijacked account’s organization in just 1 percent of the observed cases.

Another interesting discovery: recipients of the lateral phishing emails often found the emails suspicious and replied to the hijacked account to ask whether the email was legitimate or intended for them. In 17.5% of the cases, the attackers replied with reassurances that the email was legitimate and the attachment/email safe to open.

Finally, in order to keep their access to the compromised accounts as long as possible, attackers have been known to delete the phishing emails they sent and the replies they received to them.
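
The cleanup behaviour described above (deleting the sent phishing emails and the replies to them) leaves a trace in mailbox audit data. The following is an added example, not taken from the Barracuda report or the original article: a heuristic that flags bulk sends whose sent copy or replies are deleted soon afterwards. The event schema, the thresholds and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

MIN_RECIPIENTS = 20                 # assumed threshold for a "bulk" send
DELETE_WINDOW = timedelta(hours=1)  # assumed: cleanup happens soon after sending

# Constructed sample events; the field names are hypothetical, not a real
# mail platform's audit schema.
EVENTS = [
    {"ts": "2019-08-13T09:02:00", "user": "alice@example.com", "op": "send",
     "msg": "m1", "recipients": 48},
    {"ts": "2019-08-13T09:03:30", "user": "alice@example.com", "op": "delete",
     "folder": "sent", "msg": "m1"},
    {"ts": "2019-08-13T09:40:00", "user": "alice@example.com", "op": "delete",
     "folder": "inbox", "msg": "r1", "in_reply_to": "m1"},
    {"ts": "2019-08-13T10:00:00", "user": "bob@example.com", "op": "send",
     "msg": "m2", "recipients": 35},   # bulk send, never deleted
    {"ts": "2019-08-13T11:00:00", "user": "carol@example.com", "op": "send",
     "msg": "m3", "recipients": 2},
    {"ts": "2019-08-13T11:01:00", "user": "carol@example.com", "op": "delete",
     "folder": "sent", "msg": "m3"},   # small send deleted: ordinary tidying
]


def find_send_then_delete(events):
    """Return alerts for bulk sends whose sent copy or replies were deleted."""
    sends = {}   # (user, message id) -> (send time, recipient count)
    alerts = {}  # (user, message id) -> alert record
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["op"] == "send" and ev["recipients"] >= MIN_RECIPIENTS:
            sends[(ev["user"], ev["msg"])] = (ts, ev["recipients"])
        if ev["op"] != "delete":
            continue
        # Relevant deletions remove the sent copy itself or a reply to it.
        is_sent_copy = ev.get("folder") == "sent"
        target = ev["msg"] if is_sent_copy else ev.get("in_reply_to")
        key = (ev["user"], target)
        if key not in sends or ts - sends[key][0] > DELETE_WINDOW:
            continue
        alert = alerts.setdefault(key, {
            "user": ev["user"], "msg": target, "recipients": sends[key][1],
            "sent_copy_deleted": False, "replies_deleted": 0})
        if is_sent_copy:
            alert["sent_copy_deleted"] = True
        else:
            alert["replies_deleted"] += 1
    return list(alerts.values())
```

On the constructed events, only the account that sent to 48 recipients and then removed both the sent copy and a reply is flagged; the undeleted bulk send and the deleted two-recipient message are not.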

Defense

Being aware of these tactics is one way individuals and organizations can protect themselves. Another one is to use security solutions that are geared towards spotting them. Protecting accounts with 2-factor authentication (preferably hardware-based) could also thwart most (if not all) of these attacks.

Ideally, organizations should combine all of these solutions.
