The year 2020 has seen a surge in cyber attacks, with 6,600 organizations scammed by cybercriminals who use accounts on official email services to impersonate trusted partners.
Email security firm Barracuda Networks reported that the attackers are deploying sophisticated attacks. They use legitimate services to register Gmail and AOL accounts, then use those accounts to impersonate a trusted partner and trick an organization's employees into leaking crucial information, as well as to extort money.
A recent report from the firm revealed that 6,170 malicious accounts had been created to carry out more than 100,000 business email compromise (BEC) attacks on close to 6,600 organizations.
A legit way to attack
The researchers stated that since the beginning of April, the same malicious accounts were responsible for 45% of all BEC attacks recorded.
Furthermore, the cybercriminals opted for Gmail as their number one email service to create malicious accounts. Out of all email domains used by cybercriminals, Gmail accounted for 59%, followed by Yahoo with only 6%.
In addition, 29% of the malicious accounts were observed to be active for less than 24 hours, probably to avoid detection and the consequent suspension by email service providers. It also became common practice for the attackers to leave an account inactive for a while before coming back to reuse it.
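A receiving-side check for the pattern described above, as an added example that is not from Barracuda's report: it flags mail whose display name matches a trusted contact but whose address sits on a free webmail domain and, going beyond the article, a Reply-To header redirected to webmail. The directory of trusted names, the `.example` domains and the sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Free webmail domains named in the article.
WEBMAIL = {"gmail.com", "aol.com", "yahoo.com"}
# Constructed directory (assumption): trusted display name -> real sending domain.
TRUSTED = {"jane doe": "partner.example", "accounts payable": "supplier.example"}

def _domain(header_value):
    """Return (normalized display name, lower-cased domain) of a header's first address."""
    name, addr = parseaddr(str(header_value))
    return " ".join(name.lower().split()), addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return impersonation findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, domain = _domain(msg.get("From", ""))
    expected = TRUSTED.get(name)
    if expected and domain != expected:
        kind = "webmail" if domain in WEBMAIL else "unexpected"
        findings.append(f"trusted name '{name}' sent from {kind} domain {domain}")
    # Replies to a genuine-looking From can still be routed to a webmail mailbox.
    _, reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain in WEBMAIL and reply_domain != domain:
        findings.append(f"Reply-To uses webmail domain {reply_domain}")
    return findings

# Constructed sample messages, not taken from the report.
SAMPLES = {
    "spoofed": 'From: "Jane  DOE" <jane.doe.invoices@gmail.com>\nSubject: Updated bank details\n\nHi',
    "genuine": "From: Jane Doe <jane@partner.example>\nSubject: Q3 invoice\n\nHi",
    "reply_to": "From: Jane Doe <jane@partner.example>\nReply-To: jd.partner@aol.com\nSubject: Re: invoice\n\nHi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw))
```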
Prevention is the best option
After analyzing 6,600 organizations, researchers at Barracuda explained that different organizations were attacked using the same email addresses. Additionally, a single malicious account could impact up to 4% (256 organizations) of all the organizations studied.
The average number of emails sent by a malicious account was 19, with most ranging from 1 to over 600 emails.
Michael Flouton, Barracuda VP of Email Protection, said that organizations should invest in more effective security software while offering training and education to their employees. In doing so, they will prevent any malicious attacks.