August 20, 2019 By Shane Schick 2 min read

Security researchers discovered that 1 in 7 organizations were hit with lateral phishing attacks over a seven-month period.

As Bleeping Computer reported, the study, which was conducted by the University of San Diego, the University of Berkeley and Barracuda Networks, analyzed the results of 180 campaigns that used the technique in which cybercriminals sent phishing messages from compromised internal corporate email accounts.

The results showed that, over the seven-month period, 42 percent of incidents were not even reported to IT departments. This could help explain why 11 percent of organizations affected by lateral phishing campaigns had additional employee accounts compromised.

Working With Addresses Employees Trust

While those behind traditional phishing campaigns sometimes go to great lengths to impersonate banks or other third parties, lateral attacks could pose an even greater risk because employees see messages coming from a known sender.

In 63 percent of cases analyzed by the study, the content of the messages used commonplace phrases such as “shared document” or “account error.” However, the researchers noted that rogue actors weren’t relying on the email addresses alone to dupe victims. For example, 37 percent tailored the message content to the target victim, or at least used language that would be relevant to an enterprise audience.

Rather than simply sending a one-time message as a lure, one-third of the lateral attacks in the study went further: the attackers erased the phishing messages from the compromised account's mailbox or responded to questions from recipients to make the lure even more convincing.

No matter the approach, more than half of lateral attacks (55 percent) were deliberately aimed at those with a work or personal connection to the company that owned the compromised account. Almost all such phishing campaigns were run during normal working hours, the research report’s authors added.

On the other hand, researchers said 45 percent of lateral attacks didn’t make use of relationships between the owner of a compromised account and those they might know directly. Instead, 29 percent of the phishing campaigns studied simply drew upon recent or close contacts.

Reduce the Risk of Lateral Phishing Attacks

While lateral phishing attacks have some built-in advantages for cybercriminals, organizations that use perimeter protection and security information and event management (SIEM) as part of a layered security approach have a better chance of protecting their data.
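The SIEM layer mentioned above is where the behaviours described in this article become detectable: an internal account that sends a generic "shared document" or "account error" lure to many colleagues and then deletes the message from its own mailbox looks very different from normal use. The script below is an added example, not code from the article or the study, and it runs over a handful of constructed mailbox-audit events; the event schema (`ts`, `actor`, `action`, `msg_id`, `subject`, `recipients`), the recipient threshold and the send-then-delete window are all assumptions, not any vendor's log format or tuned values.

```python
"""
Added example (not from the original article): flag the lateral-phishing
indicators the study describes in a constructed mailbox-audit log.
Indicators scored per sent message:
  lure_subject        subject contains a generic lure phrase from the article
  mass_send           message fans out to many distinct recipients
  sent_item_deleted   the sender deletes the message shortly after sending it
"""
from collections import defaultdict
from datetime import datetime, timedelta

LURE_PHRASES = ("shared document", "account error")   # phrases quoted in the article
FANOUT_THRESHOLD = 5                                   # assumed value, tune per org
DELETE_WINDOW = timedelta(minutes=30)                  # assumed send-then-delete interval

# Constructed sample events; the field names are a hypothetical simplification
# of a mailbox audit log, not a real product's schema.
SAMPLE_EVENTS = [
    {"ts": "2019-08-20T10:02:00", "actor": "alice@corp.example", "action": "send",
     "msg_id": "m1", "subject": "Shared Document for your review",
     "recipients": [f"user{i}@corp.example" for i in range(7)]},
    {"ts": "2019-08-20T10:09:00", "actor": "alice@corp.example", "action": "delete",
     "msg_id": "m1"},
    {"ts": "2019-08-20T11:15:00", "actor": "bob@corp.example", "action": "send",
     "msg_id": "m2", "subject": "Q3 budget draft",
     "recipients": ["carol@corp.example"]},
    {"ts": "2019-08-20T14:00:00", "actor": "bob@corp.example", "action": "send",
     "msg_id": "m3", "subject": "Account error - please re-login",
     "recipients": ["dave@corp.example", "erin@corp.example"]},
]


def _parse_ts(value):
    return datetime.fromisoformat(value)


def find_indicators(events):
    """Map (actor, msg_id) -> sorted list of indicator names for every sent message."""
    sends = {}
    deletes = defaultdict(list)
    for ev in events:
        key = (ev["actor"], ev["msg_id"])
        if ev["action"] == "send":
            sends[key] = ev
        elif ev["action"] == "delete":
            deletes[key].append(_parse_ts(ev["ts"]))

    findings = {}
    for key, ev in sends.items():
        hits = []
        subject = ev["subject"].lower()
        if any(phrase in subject for phrase in LURE_PHRASES):
            hits.append("lure_subject")
        if len(set(ev["recipients"])) >= FANOUT_THRESHOLD:
            hits.append("mass_send")
        sent_at = _parse_ts(ev["ts"])
        # Only a deletion by the same account, after the send and inside the
        # window, counts; an unrelated later clean-up does not.
        if any(timedelta(0) <= d - sent_at <= DELETE_WINDOW for d in deletes[key]):
            hits.append("sent_item_deleted")
        findings[key] = sorted(hits)
    return findings


def suspicious_messages(events, min_indicators=2):
    """Return (actor, msg_id) keys that trip at least `min_indicators`, for analyst review."""
    return sorted(key for key, hits in find_indicators(events).items()
                  if len(hits) >= min_indicators)


if __name__ == "__main__":
    for key, hits in find_indicators(SAMPLE_EVENTS).items():
        print(key, hits)
    print("review:", suspicious_messages(SAMPLE_EVENTS))
```

Requiring two indicators rather than one keeps a single "account error" subject from a helpdesk colleague from paging anyone, while the combination of a lure subject, broad fan-out and a quick self-deletion from the sender's mailbox is exactly the pattern the article describes. A real deployment would read these events from the mail platform's audit log through the SIEM and add a working-hours check only as supporting context, since the study found most lateral campaigns ran during normal hours.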

This should be coupled with ongoing employee awareness training so that employees understand that phishing messages do not always come from spoofed addresses; they can also come from senders that look all too familiar.
