According to DataLink partner Barracuda Networks, cybercriminals have created a specialized economy using brand impersonation, social engineering, and spear phishing to hijack email accounts and monetize them. The report takes an in-depth look at the threats organizations face and the types of defense strategies businesses need to have in place.
Report Takeaways
- More than one-third of the hijacked accounts analyzed by researchers had attackers dwelling in the account for more than one week.
- 20% of compromised accounts appear in at least one online password data breach, which suggests that cybercriminals are exploiting credential reuse across employees’ personal and organization accounts.
- In 31% of these compromises one set of attackers focuses on compromising accounts and then sells account access to another set of cybercriminals who focus on monetizing the hijacked accounts.
- 78% of attackers did not access any applications outside of email.
“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximize the ways they can exploit the account, whether that means selling the credentials or using the access themselves,” said Don MacLennan, SVP Engineering, Email Protection at Barracuda. “Being informed about attacker behavior will help organizations put the proper protection in place so they can defend against these types of attacks and respond quickly if an account is compromised.”
The report also examines which advanced detection techniques, forensics tools, and other strategies and incident-response solutions businesses are using to successfully prevent costly and damaging email compromise attacks.
Security keeping you up all night? DataLink has solutions to help you rest easy.
Contact us today.
(410) 729-0440 | Email