Barracuda research uncovers a specialized economy emerging around email account takeover

New report looks at how scammers are getting access to email accounts, how they're using compromised accounts, and how businesses can protect against these attacks

News provided by

Barracuda Networks, Inc.

Jul 23, 2020, 09:03 ET

CAMPBELL, Calif., July 23, 2020 /PRNewswire/ --

Highlights: 

  • Attackers have created a specialized economy using brand impersonation, social engineering, and spear phishing to hijack email accounts and monetize them.
  • In more than one-third of compromised accounts, attackers retain access for more than one week.
  • Credential reuse across employees' personal and organization accounts is being exploited to compromise accounts successfully.

Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released key findings about the ways cybercriminals are attacking and exploiting email accounts. The report, titled Spear Phishing: Top Threats and Trends Vol. 4 - Insights into attacker activity in compromised email accounts, reveals a specialized economy emerging around email account takeover and takes an in-depth look at the threats organizations face and the types of defense strategies you need to have in place.

Read the full report: https://www.barracuda.com/spear-phishing-report-4   

Over the past year, Barracuda researchers teamed up with leading researchers at UC Berkeley to study the end-to-end lifecycle of a compromised account. Examining 159 compromised accounts that span 111 organizations, they looked at how the account takeover happens, how long attackers have access to the compromised account, and how attackers use and extract information from these accounts.

A Closer Look at Attacker Behavior
Barracuda's research found fresh insights into these widespread and dangerous attacks, how cybercriminals behave in compromised accounts, and how that should inform your organization's defense strategies. Highlights from the report include:

  • More than one-third of the hijacked accounts analyzed by researchers had attackers dwelling in the account for more than one week.
  • 20% of compromised accounts appear in at least one online password data breach, which suggests that cybercriminals are exploiting credential reuse across employees' personal and organization accounts.
  • In 31% of these compromises one set of attackers focuses on compromising accounts and then sells account access to another set of cybercriminals who focus on monetizing the hijacked accounts.
  • 78% of attackers did not access any applications outside of email.

"Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximize the ways they can exploit the account, whether that means selling the credentials or using the access themselves," said Don MacLennan, SVP Engineering, Email Protection at Barracuda. "Being informed about attacker behavior will help organizations put the proper protection in place so they can defend against these types of attacks and respond quickly if an account is compromised."

Resources: 

Download the full report: https://www.barracuda.com/spear-phishing-report-4 

Read the blog post:  http://cuda.co/40984   

Read Vol. 1 - Best Practices to Defeat Evolving Attacks: https://www.barracuda.com/spear-phishing-report 

Read Vol. 2 - Email account takeover and defending against lateral phishing attacks: https://www.barracuda.com/spear-phishing-report-2 

Read Vol. 3 - Defending against business email compromise attacks: https://www.barracuda.com/spear-phishing-report-3

About Barracuda
At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers' journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.  

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries. 

Contacts  
Anne Campbell 
Barracuda Networks, Inc. 
978-328-1642 
[email protected]       

SOURCE Barracuda Networks, Inc.

Related Links

https://www.barracuda.com

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED

Also from this source

Barracuda Taps Capchase to Power Barracuda Financial Services, Delivering Flexible Payment Options

Barracuda Taps Capchase to Power Barracuda Financial Services, Delivering Flexible Payment Options

Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for all size business, and Capchase,...
Barracuda Introduces 'Barracuda Research' - A Unified Resource for Global Threat Intelligence and Insights

Barracuda Introduces 'Barracuda Research' - A Unified Resource for Global Threat Intelligence and Insights

Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for all size business, has introduced ...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

Surveys, Polls and Research

Surveys, Polls and Research

News Releases in Similar Topics