Barracuda Networks, an IT security firm, highlights the use of malicious accounts in business email compromise. Its researchers have found that 6,170 malicious accounts using Gmail, AOL, and other email services have been hacked over 100,000 business email compromise in 2020 on nearly 6,600 companies.
Malicious hackers register email accounts with legitimate services to use them to conduct impersonation and business email compromise attacks. They carefully craft these messages and sometimes use the email accounts for only a short span to avoid detection or being suspended by email services providers. However, some hackers may temporarily abandon an account after initial attacks and re-use them after a long time. Each of these email address used for business email compromise attacks is defined as a malicious account and provides insight into how hackers email accounts in their schemes.
Business email compromise by nature is a highly targeted attack. After the initial research period, hackers impersonate an employee or trusted partner in an email attack. The first email is usually used to establish contact and trust. Hackers always expect a reply to their BEC attacks. Therefore, these attacks are usually attempted at a very low volume and are highly personalized to ensure a higher chance of a reply.
Having analysed the attacks, Barracuda researchers found that in many cases hackers were using the same email addresses to attack different organisations. The number of organisations attacked ranged from one to a one mass scale attack that impacted nearly 256 organisations overall.
Speaking on the threat highlight, Murali Urs, Country Manager-India, Barracuda Networks, commented “We began observing a shift in the attack tactics deployed by cybercriminals since the beginning of the global pandemic. It is primarily because of the switch to a completely remote working model in such a short space of time that brought with it a myriad of security challenges for businesses, particularly with many employees using personal devices. Malicious accounts were responsible for 45% of all BEC attacks detected since April 1, 2020. These repeat offenders created multiple attacks, targeting multiple organisations from the same email accounts.”
“The preferred choice of email service for these malicious accounts is Gmail as it is accessible, free, easy to register and has a high enough reputation to pass through email security filters. However, most of the time hackers don’t use their bad emails for a long period. In fact, we saw 29% of malicious account accounts were used only for a period of 24 hours. But some hackers were using the same email address by changing the display names for their impersonation attempts. Looking at their extremely innovative and adaptive nature, it is clear that the risks can never be eliminated but we at Barracuda Networks are delivering innovative security products that are easy to deploy and use to ensure best-in-class customer support,” Murali further added.
Organisations can safeguard themselves from malicious accounts by investing in protection against business email compromise. Cybercriminals design BEC attacks to bypass email gateways. By leveraging artificial intelligence to identify unusual senders, requests, and other communications, business enterprises can detect BEC attacks and other fraud.
Cybercriminals use techniques like spoofing to make the actual account used in an attack unidentifiable. Considering the small volume of attacks coming from a single malicious account, it’s unlikely that the same organisation will get targeted by two different BEC attacks coming from the same email account. Working with a vendor that can share this type of threat intelligence between different organisations in real time will allow for a greater level of protection.
Business enterprises can also train their employees to identify targeted phishing attacks by recognising the messages that come from outside of organisations and stay aware of the latest tactics used by cybercriminals.
Source: Press Release
Discussion about this post