Executives Using Office 365 Targeted by New Scam
Recently, cybercriminals instigated a high-end spear-phishing campaign targeting executive users of Office 365. The attack bypassed multi-factor...
In this blog, we’ll be highlighting an emerging threat known as lateral phishing.
While account takeover has been one of the most common and fastest-growing email security threats in recent years, researchers have uncovered a new type of account takeover attack they've coined "lateral phishing".
Using accounts they've recently hijacked, attackers send out phishing emails to a variety of recipients. Recipients of the phishing emails range from close contacts at a company or organization to clients or partners at other companies or organizations.
As researchers continue to dive into this new form of account attack, a study conducted jointly with UC Berkeley and UC San Diego found that 1 in 7 organizations have experienced lateral phishing attacks over the past seven months (Source).
In addition to the frequency, this emerging trend has a surprisingly large effect on the victim of the attack, sometimes hijacking over 100,000 email recipients. Attackers are able to do this in large part because emails are going to trusted recipients, leading to a greater level of success for attackers.
1. Two-factor authentication
We've touched on the importance of two-factor authentication for many reasons before, and it is no exception when it comes to the risk of lateral phishing. Make sure your employees and anyone with access to sensitive data within your organization are properly using two-factor authentication.
2. Cybersecurity Awareness Training for Employees
More often than not, a breach begins with an employee who is uneducated about the inherent cybersecurity risks within your organization. The best prevention techniques begin with educating your employees to identify "red flags" and report concerns to your IT team whenever they notice something suspicious. The same goes for lateral phishing.
3. Establish Detection Techniques
You may no longer be able to rely solely on your employees and IT team to identify lateral phishing in progress. It's recommended that your company install advanced detection techniques and services. These techniques will utilize artificial intelligence and machine learning to automate the detection process, successfully identifying phishing email risks and eliminating the need for human detection entirely.
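To make the idea of automated detection concrete, here is an added example (not code from PK Tech or any detection product) that flags accounts whose outbound mail in one window reaches many recipients they have never written to before, the fan-out pattern a hijacked account produces. It is a simple rule-based heuristic, not the machine-learning approach mentioned above; the log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (sender, [recipients]) for one day of outbound mail.
SAMPLE_LOG = [
    ("alice@corp.example", ["bob@corp.example", "carol@corp.example"]),
    ("dave@corp.example", ["u%d@partner%d.example" % (i, i % 7) for i in range(40)]),
    ("dave@corp.example", ["bob@corp.example", "erin@corp.example", "frank@corp.example"]),
    ("erin@corp.example", ["vendor@supplier.example"]),
]

# Constructed baseline: addresses each sender has written to in the past.
HISTORY = {
    "alice@corp.example": {"bob@corp.example", "carol@corp.example"},
    "dave@corp.example": {"bob@corp.example", "erin@corp.example"},
    "erin@corp.example": {"vendor@supplier.example"},
}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def flag_senders(log, history, min_recipients=25, min_new_ratio=0.8):
    """Return {sender: stats} for accounts whose mail in this window reaches
    many recipients, most of them never contacted by that account before."""
    seen = defaultdict(set)
    for sender, recipients in log:
        seen[sender.lower()].update(r.lower() for r in recipients)
    flagged = {}
    for sender, rcpts in seen.items():
        if not rcpts:  # nothing delivered, nothing to score
            continue
        new = rcpts - history.get(sender, set())
        ratio = len(new) / len(rcpts)
        if len(rcpts) >= min_recipients and ratio >= min_new_ratio:
            flagged[sender] = {
                "recipients": len(rcpts),
                "new_ratio": round(ratio, 2),
                # New recipient domains outside the sender's own domain.
                "external_domains": len({domain(r) for r in new} - {domain(sender)}),
            }
    return flagged

if __name__ == "__main__":
    for sender, stats in flag_senders(SAMPLE_LOG, HISTORY).items():
        print(sender, stats)
```

A flagged account is a lead for the IT team to review, since legitimate bulk senders such as newsletters will also trip a fan-out rule unless they are excluded.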
If you have questions about lateral phishing prevention at your organization, or would like to learn more about installing automated detection techniques, please reach out to PK Tech.