Cyber thieves are using new strategies, tactics and techniques to increase the chances that their phishing attacks against companies and organizations will succeed. Making matters worse for business leaders, ransomware attacks are on the rise, as is the amount of money being demanded.
That’s according to a new report from IT security company Barracuda Networks, which warned that, “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed.”
Barracuda Networks explained that, “Bait attacks are one technique attackers are using to test out email addresses and see who’s willing to respond,” and then use that information to plan future targeted attacks.
“Also known as reconnaissance attacks, these efforts are usually emails with very short or even empty content. The goal is to either verify the existence of the victim’s email account by not receiving any ‘undeliverable’ emails or to get the victim involved in a conversation that would potentially lead to malicious money transfers or leaked credentials,” the company said.
Hard To Defend Against
According to Barracuda Networks, “Because this class of threats barely contains any text and does not include any phishing links or malicious attachments, it is hard for conventional phishing detectors to defend against these attacks.”
The company noted that, “to avoid being detected, the attackers typically use fresh email accounts from free services, such as Gmail, Yahoo, or Hotmail, to send the attacks. Attackers also rely on a low volume, non-burst sending behavior in an attempt to get past any bulk or anomaly-based detectors.”
Other major findings of the survey include:
A Third Of Surveyed Companies Attacked
More Ransomware Attacks
Higher Ransom Amounts
Advice For Business Leaders
Barracuda Networks recommended that companies and organizations take the following steps:
Deploy AI To Identify And Block Phishing Attacks
Traditional filtering technology is largely helpless when it comes to blocking bait attacks. The messages carry no malicious payload and usually come from Gmail, which is considered highly reputable. AI-based defense is a lot more effective. It exploits data extracted from multiple sources including communication graphs, reputation systems, and network-level analysis to be able to protect against such attacks.
Some of these attacks may still land in users’ inboxes, so train users to recognize these attacks and not reply. Include examples of bait attacks in your security awareness training and simulation campaigns. Encourage users to report these to your IT and security teams.
Quickly Move Bait Attacks From Inboxes
When bait attacks are identified, it’s important to remove them from users’ inboxes as quickly as possible before they open or reply to the message. Automated incident response can help identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organization a future target.