Socially engineered email attacks prove to be more effective

No Comments
Social Rngineering

The latest quarterly threat report from Abnormal Security shows that increasingly sophisticated and novel socially engineered email attacks that bypass legacy defenses are driving 50 percent higher engagement than traditional email attacks such as credential phishing.

The report also shows that between the first week of July 2020 and the first week of April 2021, the percentage of companies across industries getting hit with vendor email compromise (VEC) attacks increased nearly 120 percent.

According to the FBI's figures socially engineered email attacks were responsible for more than $2.1 billion in lost revenue last year, by far the most of any security threat. Many of this year's high profile attacks, including Colonial Pipeline, started with credential phishing of an employee email account.

The report also shows that employees are nearly four times more likely to engage attackers through lateral phishing attacks from compromised internal accounts than when credential phishing comes from external accounts.

Abnormal has also noted a 250 percent increase in malicious mail filters. These indicate that an attacker either currently has, or has previously, compromised the account and set up mail configurations in order to cover their tracks. At least six percent of the mail filters explicitly forward or redirect internal messages to an external domain, and another eight percent hide invoice related messages. These filters are likely to go undetected by traditional email security measures.

The report's authors highlight the need to protect the supply chain as well as internal systems to ensure effective defense. "These attacks are hard-to-detect for organizations because they leverage trusted relationships. Forward thinking security professionals are increasingly coming to the conclusion their security is tied to their partner ecosystem, which in many cases spend less on security than they do."

The full report is available from the Abnormal Security site.

Image credittashatuvango/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Overcoming real-time data integration challenges to optimize for surgical capacity and better care

From Windows XP to Windows 10 -- How Microsoft's end-of-life nag screens have changed

Pour one out for the Linux homies: Fedora 40 released

Phishing attacks up 60 percent driven by AI

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.