
Just 6,000 accounts responsible for over 100,000 email attacks - report

07 Aug 2020

The year 2020 will live in infamy for seemingly countless reasons, but in the world of cybersecurity, perhaps no attack will be ascribed as much notoriety as the email attack.

Now that the year is over halfway done, multiple reports on the state of cybersecurity have circulated around the world of IT – and one, released by Barracuda today, has outlined just how harmful email attacks can be.

According to the study, 6,170 malicious accounts that use Gmail, AOL, and other email services were responsible for more than 100,000 business email compromise (BEC) attacks on nearly 6,600 organisations.

In addition, up to 45% of all BEC attacks detected by the company since 1 April have been deemed ‘malicious’.

But how exactly do attackers go about this, and how did they become so dominant?

Of the 45% of attacks labelled malicious, most were repeated by the same user, and often targeted multiple organisations from the same email accounts. These attackers begin by registering email accounts with legitimate services to use them in impersonation and business email compromise attacks. 

To increase the odds of getting away with it, many use these accounts only a few times to avoid suspicion and lower the chances of being blocked or detected.

To further protect themselves, most attackers don’t use the same accounts for over a day.

In fact, 29% of malicious accounts were used for only a 24-hour period. There are several reasons for the short life span of these accounts:

  • Malicious accounts may get reported and suspended by email providers
  • It’s easy for cybercriminals to register new accounts
  • Cybercriminals may temporarily abandon an account after initial attacks and then return to it after a long period of time

According to the report, Gmail is the email service of choice for most attackers – most likely due to its status as accessible, free and easy to register.

Meanwhile, the number of organisations attacked by each malicious account ranged from one to a single mass scale attack that impacted 256 organisations — 4% of all the organisations included in the research.

“While most malicious accounts are used by attackers for a short period of time, some cybercriminals used these accounts to launch attacks for over a year,” says Barracuda sales engineer manager Mark Lukie.

“It’s not unusual for cybercriminals to return and re-use an email address in attacks after a long break.

“With the help of innovative technologies such as AI-powered tools, organisations can get better at spotting spoofed and malicious emails,” says Lukie.

“Combined with a renewed focus on more progressive approaches to staff training, organisations can begin to fight back.”
