Barracuda reports on new research conducted in collaboration with the University of California (Berkeley and San Diego). The research describes a new form of phishing, called lateral phishing, in which hacked accounts are used to obtain data from other users.
The lateral approach literally means that the relationships of compromised accounts are used to get hold of more data. In other words, the phishing happens from inside the organisation, abusing the trust that exists among employees of a company or among partners of other companies.
The study shows that one in seven of the organisations surveyed had to deal with lateral phishing in the past seven months. More than 60 percent of the companies affected had multiple compromised accounts. In some organisations, dozens of compromised accounts were discovered that sent phishing emails to users in other organisations, such as partner companies.
Features of lateral phishing
According to Barracuda, one of the most striking features of this phishing tactic is the unprecedented scale on which criminals can operate. The hijacked accounts were used to send phishing emails to up to 100,000 unique recipients, of which 60,000 were not in the same company as the sender. These recipients ranged from personal e-mail addresses found in the address books of the hacked users to employees of external organisations.
The trust that a known e-mail address carries is exploited to send as many phishing emails as possible. As a result, the reputational damage suffered by the original victim organisation grows with this type of phishing.
Protective measures
The security specialist mentions three ways to defend against these phishing practices. First, it is important to train users to recognise phishing attempts that arrive from known and legitimate addresses. Secondly, there are advanced methods for recognising this type of phishing, such as techniques that use artificial intelligence or machine learning to identify phishing emails. Finally, 2FA (Two-Factor Authentication) is a proven way to protect accounts from third-party intrusion.
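The research does not publish its detection model, so the following is an added illustration rather than Barracuda's or the universities' code: a simple sender-side heuristic that uses the two features the article does describe, a compromised internal account suddenly mailing an unusually large number of unique recipients, most of them outside the company. The mail-log format (day, sender, recipient), the thresholds and the sample data are all assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import median

HOME_DOMAIN = "example.com"  # assumed home domain of the organisation being monitored


def build_sample_log():
    """Constructed outbound mail log as (day, sender, recipient) tuples. Not real data."""
    log = []
    # alice: 3 internal recipients a day for three days, then a burst on day 4
    for day in range(1, 4):
        for i in range(3):
            log.append((day, "alice@example.com", f"colleague{i}@example.com"))
    for i in range(10):
        log.append((4, "alice@example.com", f"colleague{i}@example.com"))
    for i in range(30):
        log.append((4, "alice@example.com", f"contact{i}@partner{i % 5}.example"))
    # bob: steady low volume, one external vendor
    for day in range(1, 5):
        log.append((day, "bob@example.com", "ops@example.com"))
        log.append((day, "bob@example.com", "vendor@supplier.example"))
    # carol: an internal-only burst on day 4 (all-hands mail); should not be flagged
    for i in range(15):
        log.append((4, "carol@example.com", f"staff{i}@example.com"))
    # inbound mail from an external sender is ignored by the detector
    log.append((4, "news@mailer.example", "alice@example.com"))
    return log


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def daily_recipients(log, home_domain):
    """Return {sender: {day: set(recipients)}} for senders in the home domain only."""
    out = defaultdict(lambda: defaultdict(set))
    for day, sender, rcpt in log:
        if domain_of(sender) == home_domain:
            out[sender.lower()][day].add(rcpt.lower())
    return out


def flag_lateral_senders(log, home_domain, day, min_unique=10,
                         burst_factor=4.0, min_external_share=0.5):
    """Flag internal senders whose unique-recipient count on `day` is far above
    their own prior daily median and whose recipients are mostly external.
    Thresholds are illustrative assumptions, not values from the research."""
    flagged = []
    for sender, per_day in daily_recipients(log, home_domain).items():
        today = per_day.get(day, set())
        if len(today) < min_unique:
            continue  # absolute floor: small mailings are never interesting
        prior = [len(r) for d, r in per_day.items() if d < day]
        baseline = median(prior) if prior else 1  # no history: assume a quiet account
        external = {r for r in today if domain_of(r) != home_domain}
        share = len(external) / len(today)
        if len(today) >= burst_factor * baseline and share >= min_external_share:
            flagged.append({
                "sender": sender,
                "unique_recipients": len(today),
                "external_share": round(share, 2),
                "baseline": baseline,
            })
    return sorted(flagged, key=lambda f: f["sender"])


if __name__ == "__main__":
    for hit in flag_lateral_senders(build_sample_log(), HOME_DOMAIN, day=4):
        print(hit)
```

The per-sender baseline matters more than the absolute numbers: a compromised account looks normal to recipient-side filters because the sender really is a trusted colleague, so the anomaly has to be measured against that account's own history on the outbound side. Carol's internal-only burst shows why the external-share condition is needed to keep legitimate mass mail from tripping the rule.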
This news article was automatically translated from Dutch.