• by Ray Schultz , September 24, 2018

The most dangerous incoming emails often look like they come from trusted sources — other employees — judging by The Threat Spotlight, a new report from Barracuda.

These so-called account takeover attacks (ATAs), in which felons steal employee credentials and use them to send emails from their accounts, are on the rise, Barracuda states. 

There are multiple objectives, one being to steal credentials of other employees and sell them on the black market.

Some bad actors use the account to launch personalized attacks. And the most sophisticated, while few in number, infiltrate the accounts of CEOs or CFOs to send a Business Email Compromise (BEC) attack.

Barracuda studied 50 randomly selected companies in the three-month period from April through June. 

Those firms reported 60 incidents, with an average of three per compromised company. From four to eight firms reported at least one incident in each month.

Of the reported attacks, 78% led to phishing emails designed to infect additional accounts, either internal or external.

Only 6% of the attacks hit top executives, with the majority aimed at entry-level or mid-level staffers. Lower-level people are often better targets because they have less cybersecurity training, Barracuda explains.   

Another 22% hit employees in sensitive departments such as HR, IT, finance and legal.

Some emails mimicked link invitations from web services such as OneDrive or DocuSign.

In addition, 17% led to spam campaigns. These work because they come from reputable domains and are less likely to get blocked.

In 5% of the cases, attackers asked victims to download an attachment, exposing them to malware. These attempts were unlikely to be blocked because most security systems do not scan internal traffic for such threats.

The report was authored by Asaf Cidon with research by Grant Ho of the Barracuda Sentinel team.