Help Net Security - Daily information security news with a focus on enterprise security.
Zeljka Zorz, Managing Editor, Help Net Security
August 16, 2019

Researchers reveal the latest lateral phishing tactics

Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves.


Lateral phishing tactics

Researchers from Barracuda, UC Berkeley and UC San Diego have studied 180 lateral phishing incidents and have identified the following patterns organizations and individuals should be aware of:

  • One in 10 of the lateral phishing attacks succeed
  • 42% don’t get reported to the organization’s IT or security team
  • 98% of the lateral phishing incidents occurred during a weekday

You would think that most lateral phishing would take the form of refined and highly personalized messages, but in most cases that’s not true.

“Across the incidents studied, our researchers found that the majority of lateral phishing attacks rely on two deceptive narratives: messages that falsely alert the user of a problem with their email account, and messages that provide a link to a fake ‘shared’ document,” Barracuda said in a recently released report.

These types of commonplace messages represent 63 percent of the lateral phishing emails. In 30 percent of the cases, the language used was adapted to target enterprise organizations (e.g., “Updated work schedule. please distribute to your teams”).

“In the most sophisticated approach, 7 percent of the attacks involved highly targeted content that was specific to the hijacked account’s organization. For example, in one email account takeover incident, the attacker compromised an account at an organization that was about to celebrate its 25th anniversary. Using the hijacked account, the attacker sent dozens of spear-phishing emails to fellow employees advertising a 25th year anniversary celebration event,” the company shared.

In most of the cases (45%), the attackers tried to compromise random accounts and didn’t go after victims with some tie to the hijacked account (those were targeted in just 29 percent of attacks). Also, apparently, this batch of studied incidents didn’t involve BEC scammers, as the attackers used the hijacked account to send emails to business partners of the hijacked account’s organization in just 1 percent of the observed cases.

Another interesting discovery: recipients of the lateral phishing emails often found the emails suspicious and replied to the hijacked account to ask whether the email was legitimate or intended for them. In 17.5% of the cases, the attackers replied with reassurances that the email was legitimate and the attachment/email safe to open.

Finally, in order to keep their access to the compromised accounts as long as possible, attackers have been known to delete the phishing emails they sent and the replies they received to them.


Defense

Being aware of these tactics is one way individuals and organizations can protect themselves. Another one is to use security solutions that are geared towards spotting them. Protecting accounts with 2-factor authentication (preferably hardware-based) could also thwart most (if not all) of these attacks.

Ideally, organizations should combine all of these solutions.
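
The tactics described above (generic account-alert or shared-document lures sent from an internal account, followed by deletion of the sent email and of replies to it) can be combined into a simple detection heuristic. The following Python sketch is an added example, not code from Barracuda or the researchers; the event field names, thresholds and sample records are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Lure themes named in the article: fake account problems, fake "shared" documents.
LURE = re.compile(r"(account|mailbox|password).*(suspend|verify|problem|expire)"
                  r"|shared (a |an )?(document|file)", re.I)
FANOUT = 10                    # assumed recipient-count threshold
CLEANUP = timedelta(hours=2)   # assumed window for "deleted soon after sending"

# Constructed sample events; the field names are hypothetical, not a product schema.
EVENTS = [
    {"ts": "2019-08-13T09:02", "acct": "alice@corp.example", "op": "Send", "id": "m1",
     "subject": "Your mailbox will be suspended - verify now", "rcpts": 40, "link": True},
    {"ts": "2019-08-13T09:20", "acct": "alice@corp.example", "op": "Receive", "id": "r1",
     "reply_to": "m1", "subject": "RE: is this legit?"},
    {"ts": "2019-08-13T09:25", "acct": "alice@corp.example", "op": "Delete", "id": "r1"},
    {"ts": "2019-08-13T09:26", "acct": "alice@corp.example", "op": "Delete", "id": "m1"},
    {"ts": "2019-08-13T10:00", "acct": "bob@corp.example", "op": "Send", "id": "m2",
     "subject": "Q3 budget review notes", "rcpts": 12, "link": False},
    {"ts": "2019-08-13T11:00", "acct": "carol@corp.example", "op": "Send", "id": "m3",
     "subject": "I shared a document with you", "rcpts": 2, "link": True},
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def flag_lateral_phishing(events, threshold=3):
    """Return (account, message id, reasons) for sends matching >= threshold signals."""
    deletes = {(e["acct"], e["id"]): _ts(e) for e in events if e["op"] == "Delete"}
    replies = [e for e in events if e["op"] == "Receive" and "reply_to" in e]
    findings = []
    for s in (e for e in events if e["op"] == "Send"):
        reasons = []
        if LURE.search(s["subject"]):
            reasons.append("lure-subject")
        if s["rcpts"] >= FANOUT:
            reasons.append("fan-out")
        if s["link"]:
            reasons.append("link")
        deleted_at = deletes.get((s["acct"], s["id"]))
        if deleted_at and timedelta(0) <= deleted_at - _ts(s) <= CLEANUP:
            reasons.append("sent-item-deleted")
        if any(r["reply_to"] == s["id"] and (r["acct"], r["id"]) in deletes
               for r in replies):
            reasons.append("reply-deleted")
        if len(reasons) >= threshold:
            findings.append((s["acct"], s["id"], reasons))
    return findings
```

On the sample data only the first account's message is flagged; the ordinary wide-distribution email and the small document share each stay below the threshold.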
