Lateral phishing: Hackers are taking over business accounts to send malicious emails

The use of compromised accounts to send phishing emails to contacts inside and outside an organization is an increasing security threat.

How cybersecurity is developing to combat Russian hackers Leo Taddeo, chief information security officer at Cyxtera Technologies, discusses phishing and Russia's involvement in the 2016 US presidential election with CNET's Dan Patterson.

One in seven organizations have experienced "lateral phishing," a situation in which an account inside an organization is compromised, and the credibility of that same-domain account is leveraged to send phishing emails to other people within the same domain, along with frequent contacts external to the company, according to a report published Thursday by Barracuda Networks, in cooperation with researchers at UC Berkeley and UC San Diego.

For organizations that fell victim to lateral phishing attacks, over 60% have had multiple account compromises, with researchers analyzing 154 compromised accounts, and over 100,000 unique recipients.

This type of attack relies strongly on implicit trust that comes with custom, organization-provided email accounts, as opposed to free email services provided by Google, Microsoft, or Yahoo. 

SEE: Launching a career in cybersecurity: An insider's guide (free PDF) (TechRepublic)

Barracuda recommends the use of security awareness training, to educate users about this type of attack, as well as requiring two-factor authentication (2FA) to limit the frequency of compromised accounts in your organization, as well as advanced phishing detection techniques that use artificial intelligence (AI) or machine learning for detection.

Generally, segmenting access to information can greatly limit the extent of damage in the result a phishing attack is successful, as barriers to sensitive information can frustrate attempts to exfiltrate sensitive data from an organization. 

For more, check out TechRepublic's cheat sheet for phishing and spearphishing, as well as "More than 3B fake emails sent daily as phishing attacks persist," and "Why you need to use DMARC and SPF on mail servers to prevent phishing and fraud" on TechRepublic.

Also see

istock-487606535.jpg

weerapatkiatdumrong, Getty Images/iStockphoto