
Lateral Phishing: Three Measures To Protect Against Attacks

Cybercriminal abuse of hacked email accounts remains one of the greatest threats to…

In collaboration with researchers from UC Berkeley and UC San Diego, Barracuda security researchers have discovered a new way of taking over mail accounts: lateral phishing. In lateral phishing attacks, cybercriminals misuse compromised accounts to send phishing emails to a range of recipients, from company contacts to business partners in other companies. The study found that one in seven companies had experienced lateral phishing attacks in the past seven months.

In 60 percent of the companies affected by lateral phishing, the researchers found several compromised accounts. Some had dozens of compromised accounts that launched lateral phishing attacks on additional employee accounts and users in other companies. In total, the researchers identified 154 hijacked accounts that collectively sent hundreds of lateral phishing emails to more than 100,000 unique recipients.

Lateral Phishing: Long-Range Attacks

One of the most noticeable aspects of this new form of attack is how widely it reaches potential victims. While around 40 percent of the recipients were employees of the same company, the remaining 60,000 recipients were private email addresses, for example from the address books of the hacked accounts, and business email addresses from partner organizations.

Because these attacks reach such a wide range of victims, from employees' address book contacts to external organizations, they increase the reputational damage for the originally hacked company. There are three steps companies can take to protect themselves from lateral phishing attacks:

Training On Security Measures

Optimizing security training and educating employees about lateral phishing will help contain this threat. However, unlike traditional phishing attacks, which often use a fake email address, lateral phishing attacks are sent from a legitimate but compromised account.

This eliminates the need to instruct users to check the sender properties or email headers to identify a fake sender. Instead, users should carefully check the URL of links in any email they receive by hovering over them with the cursor before clicking on them. They must check the actual destination and not just the URL text that appears in the email.

Use Advanced Detection Technologies

Lateral phishing is a challenging development in the field of email-based attacks. Because these malicious emails originate from a legitimate account, they are difficult to detect, even for a trained and knowledgeable user. Therefore, companies should invest in advanced detection techniques and services that use artificial intelligence and machine learning to identify phishing emails automatically.

Introduce Two-Factor Authentication

Finally, one of the most important measures to minimize the risk of lateral phishing is to use strong two-factor authentication (2FA), for example, using a 2FA application or a hardware-based token, if available. Non-hardware-based 2FA solutions, while still vulnerable to phishing, can help limit an attacker’s access to compromised accounts.

Social engineering and sophisticated cybercriminal tactics remain among the greatest threats to corporate security. However, the risk of lateral phishing attacks can be significantly reduced by the security measures mentioned above.
