ATO attacks steal a person’s credentials and use them to send emails from their account, according to a recent Barracuda Networks report.
Account takeover attacks (ATO), in which a person’s credentials are stolen and used to send emails from their real account, often result in phishing attacks being sent from the victim’s account, according to a Barracuda Networks report, released Thursday. Out of the 60 total ATO incident recorded, 78% led to phishing emails, said the report.
Barracuda randomly selected 50 organizations to study from April to June 2018. The goal of the study was to analyze ATO attacks, which are much less likely to be blocked by security systems that filter for domain, sender, or IP reputation, said the report.
Phishing attacks are typically used to infect additional email accounts, the report said. Oftentimes these attacks appear as messages from a real user asking the recipient to click on a link. Not only did the study unveil a large number of phishing attack attempts, but hackers also used the stolen credentials to deploy spam campaigns.
Some 17% of incidents were leveraged for spam campaigns, which are oftentimes successful since the spam mail looks like it is coming from a real, familiar, or reliable email address, said the report. Additionally, 5% of attacks involved an email asking the recipient to download an attachment, added the report.
The emails with attachments all involved organizations’ internal email accounts, which makes the attack even more dangerous, since many email security systems don’t scan internal email traffic for threats.
Only 6% of compromised employees were executives, meaning the rest were entry to mid-level employees, according to the report. Lower level employees are actually better targets than high level employees, since newer employees don’t typically have as much cybersecurity training, said the report.
However, some 22% of ATO incidents happened to employees in sensitive departments, such as HR, IT, finance, and legal, said the report. This data shows that cybercriminals have a strong preference for more sensitive areas, as those sectors have more important personal and financial information.
Businesses must stay up to date on email and web security, both externally and internally. Check out this TechRepublic article for more information on how to protect yourself from phishing attacks.
The big takeaways for tech leaders:
- Account takeover attacks (ATO) are on the rise, and most (78%) result in phishing attacks within companies. — Barracuda, 2018
- 22% of ATO incidents target sensitive departments, meaning businesses must stay updated on cybersecurity efforts. — Barracuda, 2018