How Cyber Thieves Are Ramping Up Their Phishing Attacks Against Companies And Organizations

How Cyber Thieves Are Ramping Up Their Phishing Attacks Against Companies And Organizations

Signage is displayed outside of Twitter headquarters in San Francisco, California, U.S., on … [+] Thursday, July 16, 2020. As Twitter Inc. grapples with the worst security breach in its 14-year history, it must now uncover whether its employees were victims of sophisticated phishing schemes or if they deliberately allowed hackers to access high-profile accounts. Photographer: David Paul Morris/Bloomberg

Cyber thieves are using new strategies, tactics and techniques to help increase the chances of success of their phishing attacks against companies and organizations. Making matters worse for business leaders, ransomware attacks are on the rise as is the amount of money that is being demanded.

That’s according to a new report from IT security company Barracuda Networks, which warned that, “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed.”

Baiting Techniques

Barracuda Networks explained that, “Bait attacks are one technique attackers are using to test out email addresses and see who’s willing to respond,” and then use that information to plan future targeted attacks. 

“Also known as reconnaissance attacks, these efforts are usually emails with very short or even empty content. The goal is to either verify the existence of the victim’s email account by not receiving any ‘undeliverable’ emails or to get the victim involved in a conversation that would potentially lead to malicious money transfers or leaked credentials,” the company said.

Hard To Defend Against

According to Barracuda Networks, “Because this class of threats barely contains any text and does not include any phishing links or malicious attachments, it is hard for conventional phishing detectors to defend against these attacks.” 

MORE FOR YOU

The company noted that, “to avoid being detected, the attackers typically use fresh email accounts from free services, such as Gmail, Yahoo, or Hotmail, to send the attacks. Attackers also rely on a low volume, non-burst sending behavior in an attempt to get past any bulk or anomaly-based detectors.”

Survey Results

Other major findings of the survey include: 

A Third Of Surveyed Companies Attacked

More Ransomware Attacks

Higher Ransom Amounts

Parallel Attacks

Advice For Business Leaders 

Barracuda Networks recommended that companies and organizations take the following steps:

Deploy AI To Identify And Block Phishing Attacks  

Traditional filtering technology is largely helpless when it comes to blocking bait attacks. The messages carry no malicious payload and usually come from Gmail, which is considered highly reputable. AI-based defense is a lot more effective. It exploits data extracted from multiple sources including communication graphs, reputation systems, and network-level analysis to be able to protect against such attacks. 

Train Users  

Some of these attacks may still land in users’ inboxes, so train users to recognize these attacks and not reply. Include examples of bait attacks in your security awareness training and simulation campaigns. Encourage users to report these to your IT and security teams.  

Quickly Move Bait Attacks From Inboxes 

When bait attacks are identified, it’s important to remove them from users’ inboxes as quickly as possible before they open or reply to the message. Automated incident response can help identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organization a future target.

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.