Account-based email attacks have hit almost half of all businesses barely a year after making their first appearance -- and they are spreading rapidly because they are hard to detect, according to a study by Osterman Research sponsored by Agari and other vendors.
Of 140 organizations surveyed, 44% say they were victimized by an account-based (ATO) email attack in the past 12 months.
In addition, based on internal research, Agari has seen a 126% increase in ATO attacks month-over-month in early 2018.
The study notes that such attacks were virtually nonexistent prior to 2017 -- but they are now the most successful email attack category.
Agari defines an ATO attack as “the process of gaining unauthorized access to a trusted email account, and using this compromise to launch subsequent email attacks for financial gain or to execute a data breach.”
The company reports that 91% of such attacks come from outside organizations, 8% from trusted parties and 1% from employee webmail. However, no insider attacks were observed.
ATO overcomes security solutions likesecure email gateways because they are sent from established email accounts, requiring no spoofing or display name deception.
In addition, victims are more likely to open them and reveal sensitive data because they have trust relationships with the purported user.
“Account takeover attacks should be considered a very serious risk because they target the highest levels of leadership, but are extremely difficult to detect,” states Michael Osterman, president of Osterman Research.
According to the study, successful attackers take five steps:
Agari recommends these defenses:
Osterman polled companies with an average of 16,821 email users. In addition, Agari analyzed over 1400 untrusted messages over a two-month period.