One third of hackers dwell in hijacked email accounts for more than a week

New report from Barracuda Networks looks at how scammers are getting access to email accounts, how they’re using compromised accounts, and how businesses can protect against these attacks

by Patrick Sullivan, Political Editor on 23 July 2020 15:02

Barracuda_networks

A new report from Barracuda Networks, a trusted partner and leading provider of cloud-enabled security solutions, reveals that over 33 per cent of hijacked email accounts had attackers dwelling in the account for more than a week.

The report, titled Spear Phishing: Top Threats and Trends Vol. 4 - Insights into attacker activity in compromised email accounts, saw Barracuda researchers team up with leading researchers at UC Berkeley to study the end-to-end lifecycle of a compromised email account.

Researchers examined 159 compromised accounts spanning 111 organisations, and concluded that a specialised economy is emerging around email account takeover, using a combination of brand impersonation, social engineering, and spear phishing to hijack email accounts and monetise them.

Barracuda’s researchers also found that 20 per cent of compromised accounts appear in at least one online password data breach, which suggests that cybercriminals are exploiting credential reuse across employees’ personal and organisation accounts.

Furthermore, in 31 per cent of account compromises analysed, the initial set of attackers would focus on compromising accounts and then sells account access to another set of cybercriminals who focus on monetising the hijacked accounts.

This reflects an increasingly specialised, and layered criminal market for account compromise. Interestingly, the researchers observed that 78 per cent of attackers did not access any applications outside of email.

Therefore, the report concluded that either many organisations’ cloud accounts do not have access to interesting data and functionality outside of email, or that attackers have yet to adapt and exploit these additional sources of information.

Don MacLennan, SVP Engineering, Email Protection at Barracuda said: “Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximise the ways they can exploit the account, whether that means selling the credentials or using the access themselves.

Being informed about attacker behavior will help organisations put the proper protection in place so they can defend against these types of attacks and respond quickly if an account is compromised.”

Comments
blog comments powered by Disqus

We are wholly dependent on the kindness of our readers for our continued work. We thank you in advance for any support you can offer.

 
Options
Advertisement
Recommended
Advertisement
Advertisement