Socially engineered email attacks prove to be more effective
The latest quarterly threat report from Abnormal Security shows that increasingly sophisticated and novel socially engineered email attacks that bypass legacy defenses are driving 50 percent higher engagement than traditional email attacks such as credential phishing.
The report also shows that between the first week of July 2020 and the first week of April 2021, the percentage of companies across industries getting hit with vendor email compromise (VEC) attacks increased nearly 120 percent.
According to the FBI's figures, socially engineered email attacks were responsible for more than $2.1 billion in lost revenue last year, by far the most of any security threat. Many of this year's high-profile attacks, including Colonial Pipeline, started with credential phishing of an employee email account.
The report also shows that employees are nearly four times more likely to engage attackers through lateral phishing attacks from compromised internal accounts than when credential phishing comes from external accounts.
Abnormal has also noted a 250 percent increase in malicious mail filters. These indicate that an attacker either currently has control of the account or has previously compromised it, and has set up mail configurations to cover their tracks. At least six percent of the mail filters explicitly forward or redirect internal messages to an external domain, and another eight percent hide invoice-related messages. These filters are likely to go undetected by traditional email security measures.
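One way to hunt for the two filter types described above, as an added example that is not from the report or from Abnormal Security: a short audit over exported mailbox rules that flags external forwarding or redirection and rules that hide invoice-related mail. The rule schema, the internal domain list, the keyword list and the folder list are assumptions, and the sample rules are constructed.

```python
import re

# Assumptions for this sketch: the rule schema, the domain list and the keyword list.
INTERNAL_DOMAINS = {"example.com"}
INVOICE_TERMS = re.compile(r"\b(invoice|payment|remittance)\b", re.I)
HIDING_FOLDERS = {"Deleted Items", "Junk Email", "RSS Feeds", "Archive"}

def external_targets(rule):
    """Forward/redirect addresses whose exact domain is not one of ours."""
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return [a for a in targets
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def hides_invoices(rule):
    """True when a rule keys on invoice wording and removes the mail from view."""
    words = rule.get("subject_contains", []) + rule.get("body_contains", [])
    hidden = rule.get("delete", False) or rule.get("move_to_folder") in HIDING_FOLDERS
    return hidden and any(INVOICE_TERMS.search(w) for w in words)

def audit(rules):
    """Return (mailbox, rule name, finding, detail) tuples for review."""
    findings = []
    for r in rules:
        ext = external_targets(r)
        if ext:
            findings.append((r["mailbox"], r["name"], "external-forward", ext))
        if hides_invoices(r):
            findings.append((r["mailbox"], r["name"], "hides-invoices", None))
    return findings

# Constructed sample rules (not taken from the report).
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": ".", "forward_to": ["drop@example.net"]},
    {"mailbox": "bob@example.com", "name": "Digest",
     "subject_contains": ["weekly digest"], "move_to_folder": "Newsletters"},
    {"mailbox": "carol@example.com", "name": "ap", "subject_contains": ["Invoice"],
     "move_to_folder": "RSS Feeds"},
    {"mailbox": "dave@example.com", "name": "PA", "redirect_to": ["pa@EXAMPLE.com"]},
    {"mailbox": "erin@example.com", "name": "x", "redirect_to": ["ap@example.com.mail.test"]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

The exact-domain comparison is deliberate: a lookalike target such as `ap@example.com.mail.test` is reported as external, while an internal address written in different case is not.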
The report's authors highlight the need to protect the supply chain as well as internal systems to ensure effective defense. "These attacks are hard to detect for organizations because they leverage trusted relationships. Forward-thinking security professionals are increasingly coming to the conclusion their security is tied to their partner ecosystem, which in many cases spend less on security than they do."
The full report is available from the Abnormal Security site.