
Published on July 23rd, 2019

CyberheistNews Vol 9 #30 [NEW] Here Is a Fantastic Report You Need to Read Before You Buy



Lateral Phishing Used to Attack Organizations on a Global Scale

Warwick Ashford at ComputerWeekly reported: "Lateral phishing is a growing type of account takeover that has enabled attackers to target more than 100,000 people by hijacking just 154 email accounts.

Lateral phishing represents a sophisticated evolution in email-based attacks, with 1 in 7 organisations targeted in this way in the past seven months, according to researchers at Barracuda Networks and the University of California, Berkeley.

Account takeover continues to be one of the fastest-growing email security threats, but attackers are starting to adapt, introducing new ways to exploit compromised accounts, such as lateral phishing, which uses hijacked accounts to send phishing emails to an array of recipients in the account’s contact list, ranging from close contacts in the company to partners at other organisations.

Out of the organisations targeted by lateral phishing, more than 60% had multiple compromised accounts.

Some had dozens of compromised accounts that sent lateral phishing attacks to additional employee accounts and users at other organisations.





A recent benchmarking report by security awareness training firm KnowBe4 shows the average phish-prone percentage across all industries and sizes of organisations at 29.6% – up 2.6% since 2018.

Large organisations in the hospitality industry have the highest phish-prone percentage (PPP) of 48%, and are therefore most likely to fall victim to a phishing attack, while the transportation industry is at the lowest risk, with large organisations in the sector scoring a PPP of just 16%.

Because lateral phishing exploits the implicit trust in the legitimate accounts compromised, these attacks ultimately lead to increasingly large reputational harm for the initial victim organisation, the researchers said.

To defend against lateral phishing attacks, the researchers said there are three critical precautions organisations can take:


