The MSSP community can be on the frontline of defending against email account takeover.
Cybercriminals are getting craftier and sneakier when it comes to email account takeover attacks, according to new research from Barracuda and UC Berkeley.
Researchers conducted a large-scale analysis of email account takeover and the timeline of attacks, the behaviors hackers are using to try to avoid detection, ways to identify suspicious activity that could indicate an email account has been compromised, and precautions businesses can take to protect themselves.
Among the key findings:
Asaf Cidon, professor of electrical engineering and computer science at Columbia University and a Barracuda adviser, tells us organizations often don’t have security solutions that detect compromised accounts and phishing email coming from internal mailboxes.
“Traditional email security gateways do not detect such attacks,” he said. “In addition, it is important to make sure organizations are equipped to respond to internal threats, and are able to block the compromised accounts, and track down all the malicious activity that originated from that account.”
The MSSP community can be on the frontline of defending against account takeover, both by helping customers deploy solutions that can detect these attacks and by leading the response and remediation after they occur, Cidon said.
“In addition, they can implement security awareness training programs in the organizations to increase their awareness of these types of attacks,” he said.
Cybercriminals use brand impersonation, social engineering and phishing to steal login credentials and access an email account, according to the research. Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures they use and the way financial transactions are handled so they can launch subsequent phishing attacks, including harvesting financial information and additional login credentials for other accounts, it said.
Hackers execute account takeover attacks using a variety of methods. In some cases, hackers leverage usernames and passwords acquired in previous data breaches. Because people often use the same password for different accounts, hackers are able to successfully reuse the stolen credentials and gain access to additional accounts. Hackers also use stolen passwords for personal email accounts and use access to those accounts to try to get access to business email.
Brute-force attacks also are used to successfully take over accounts because people use very simple passwords that are easy to guess and they don’t change them often enough. Attacks also come via web and business applications, including text messages, according to the research.
Barracuda recommends the following precautionary measures:
“We predict that we will see more of these attacks,” Cidon said. “In general, we have seen a rapid rise of these attacks in the past one-and-a-half years. Attackers are motivated by economics, and the reason these attacks are increasing in frequency is because they are simply very successful, and most organizations are not well-equipped to prevent and remediate them.”