More than 44 percent of businesses fall victim to email account takeovers
Targeted attacks launched via a compromised account were the most successful email attack vector in the past 12 months, according to new research.
The study, carried out for email security company Agari by Osterman Research, reveals that 44 percent of organizations have been victims of a successful attack based on account takeover (ATO).
Agari identifies five steps in ATO-based attacks: account access, control, reconnaissance, targeted attacks, and data exfiltration or fraudulent financial payments. The attacks come from four types of senders: strangers, employee webmail accounts, trusted third parties and insider business accounts. While strangers' accounts send 90 percent of ATO-based attacks, trusted third parties send nine percent.
"Agari's research demonstrates what CISOs have suspected for years: traditional email security solutions, such as secure email gateways, based on inspection and reputation are unable to detect advanced email attacks, such as account takeover," says Ravi Khatod, CEO of Agari. "As criminals have refined their techniques, impersonating and targeting the highest levels of corporate leadership, organizations risk giving away the keys to the kingdom; only Agari can stop the rising tide of compromised accounts before they reach the CEO."
Agari's Identity Intelligence machine learning algorithms can model the behavior of compromised accounts used to launch targeted email attacks and help guard against threats.
Knowing which emails can be trusted is also a key part of preventing this type of attack. The DMARC standard has helped here, but it still doesn't provide a positive confirmation of trust. For this reason Agari is also supporting the new Brand Indicators for Message Identification (BIMI) standard, which aims to build greater trust in email for businesses and consumers alike.
Patrick Peterson, the founder and executive chairman of Agari, says, "BIMI is built on top of DMARC, we think of it as DMARC 2.0. If a message is authentic based on DMARC and the sender is participating in BIMI, then a logo will be added at the gateway that gets displayed in the web client to verify that the sender is genuine. Companies will have to go through a mark validating authority to get their logo approved."