
Lateral phishing: The latest in email account takeover

Attackers are adapting their methods and finding new ways to exploit compromised email accounts, as account takeover continues to be one of the fastest growing email security threats. 

According to new research from Barracuda, who teamed up with researchers at UC Berkeley and UC San Diego, there is a new and growing type of account takeover attack called lateral phishing. The study found 1 in 7 organisations experienced lateral phishing attacks over the past seven months.

Of the organisations that experienced lateral phishing, more than 60% had multiple compromised accounts. Some had dozens of compromised accounts that sent lateral phishing attacks to additional employee accounts and users at other organisations. In total, researchers identified 154 hijacked accounts that collectively sent hundreds of lateral phishing emails to more than 100,000 unique recipients.

Attackers use hijacked accounts they've recently compromised to send phishing emails to an array of recipients, ranging from close contacts within the company to partners at other organisations.

According to Barracuda, one of the most striking aspects of this emerging attack is the scale of potential victims that the attackers target. In total, attackers attempted to use the hijacked accounts to send phishing emails to over 100,000 unique recipients. 

While roughly 40% of these recipients were fellow employees at the same company as the hijacked account, the remaining 60,000 recipients spanned a range of victims, from personal email addresses that might have been drawn from the hijacked account's contact book to business email addresses of employees at partner organisations. 

Due to the implicit trust in the legitimate accounts they've compromised, attackers often use compromised accounts to send lateral phishing emails to dozens, if not hundreds, of other organisations so they can spread the attack more broadly, Barracuda says. However, by targeting such a wide range of victims and external organisations, these attacks ultimately lead to increasingly large reputational harm for the initial victim organisation.

In an upcoming study, Barracuda says it will dive deeper and explore the range of content, strategies, success, and sophistication that these lateral phishing attacks exhibit. A full-length paper on this research will also be presented at the USENIX Security Symposium, one of the top conferences for security research.

How to defend against lateral phishing
Barracuda says there are three critical precautions organisations can take to help protect themselves against lateral phishing attacks: security awareness training, advanced detection techniques, and two-factor authentication.

1. Security awareness training
Improving security awareness training and making sure users are educated about this new class of attacks will help make lateral phishing less successful. Unlike traditional phishing attacks, which often use a fake or forged email address to send the attack email, lateral phishing attacks are sent from a legitimate, but compromised, account. As a result, telling users to check the sender properties or email headers to identify a fake or spoofed sender no longer applies.

Users can often still carefully check the URL of any link before they click it to help them identify a lateral phishing attack. It is important that they check the actual destination of a link in any email, and not just the URL text that is displayed in the email.
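The check described above can also be automated on the mail gateway or in a user-reporting tool. The following is an added example, not code from Barracuda or the article: it parses a constructed HTML email body and flags anchors whose visible text looks like a URL but whose real href points at a different host (all domains below are hypothetical).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (hypothetical domains): the first link displays one
# host as its text while the href actually leads somewhere else.
SAMPLE_BODY = """<p>Please review the shared document:</p>
<a href="http://login-portal.example.net/auth">https://sharepoint.example.com/doc</a>
<p>Regards</p>
<a href="https://intranet.example.com/help">intranet.example.com/help</a>
<a href="https://example.org/news">Company newsletter</a>"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Host part of a URL; tolerates display text with no scheme ('host/path')."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def mismatched_links(html):
    """Return (href, text) pairs where the visible text looks like a URL
    but names a different host than the actual destination."""
    parser = _LinkCollector()
    parser.feed(html)
    looks_like_url = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)
    return [(href, text) for href, text in parser.links
            if looks_like_url.match(text) and _host(text) != _host(href)]
```

Links whose visible text is plain words (such as "Company newsletter") are not flagged by this check; they still need the hover-and-inspect habit the training point describes.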

2. Advanced detection techniques 
Lateral phishing represents a sophisticated evolution in the space of email-based attacks. Because these phishing emails now come from a legitimate email account, these attacks are becoming increasingly difficult for even trained and knowledgeable users to detect. Organisations should invest in advanced detection techniques and services that use artificial intelligence and machine learning to automatically identify phishing emails without relying on users to identify them on their own. 

3. Two-factor authentication
Finally, one of the most important things that organisations can do to help mitigate the risk of lateral phishing is to use strong two-factor authentication (2FA), such as a two-factor authentication app or a hardware-based token if available. While non-hardware-based 2FA solutions remain susceptible to phishing, they can help limit and curtail an attacker's access to compromised accounts.
