How Lateral Phishing Attacks Happen and What’s Making Them So Successful

Cybersecurity is a bigger threat than ever to businesses, with cybercriminals growing ever more creative with their attacks. A new report by cloud-enabled security solutions provider Barracuda reveals that email account takeover and lateral phishing represent increasing threats to enterprise organizations.

The report, Spear Phishing: Top Threats and Trends Vol. 2 – Email Account Takeover: Defending Against Lateral Phishing, reveals the latest tactics used by cybercriminals. The in-depth report also includes critical precautions and helpful tips to enable IT professionals, cybersecurity pros, and business owners to better protect their businesses and digital assets.

Some of the key findings?

Attackers follow four primary strategies to choose target recipients of lateral phishing attacks. Additionally, in about one-third of email account takeover attacks, cybercriminals use additional deceptive behavior to make their lateral phishing emails stealthier or more convincing.

Lateral phishing is when a cybercriminal hacks one email account within an organization and then uses that email to target other users who have the same email domain.

Barracuda’s research uncovered fresh insights into how these popular attacks are evolving, along with the tactics used by cybercriminals to try to make them successful.

The report, published in conjunction with researchers from University of California, Berkeley and University of California, Davis, reveals important statistics about the prevalence and dangers of lateral phishing attacks.

• 1 in 7 businesses experienced lateral phishing attacks in a seven-month period, based on a random sample of enterprise organizations.
• More than 60% of organizations that were attacked experienced multiple incidents.
• About 11% of attacks managed to successfully compromise additional employee accounts.
• 42% of the lateral phishing incidents weren’t reported to the organization’s IT or security team.
• More than 55% of the lateral phishing attacks targeted recipients with some personal or work relationship to the hijacked email account.
• 37% of lateral phishing attacks used tailored content that was enterprise-oriented or highly specific to the victim’s organization.

The report takes an in-depth look at how compromised email accounts are being used to launch targeted lateral phishing attacks designed to evade many existing email protection systems. The reports also reveal the advanced detection techniques, security awareness training, and other strategies and solutions businesses are using to prevent attacks.