Security Global Forum


The Rise of Lateral Phishing in Larger Companies

By Matthew Giannelis posted Thu August 22, 2024 09:31 AM


In recent years, email-based cyberattacks have become increasingly sophisticated, targeting organizations of all sizes. A recent analysis of email attack trends spanning from early June 2023 to the end of May 2024 sheds light on significant patterns in how these attacks impact different-sized companies.

Notably, a substantial 42% of email attacks on larger organizations involve lateral phishing, a method where attackers use compromised internal accounts to spread their threats. This report delves into the specifics of these attacks, comparing their impact on smaller versus larger organizations and examining related trends.

Overview of Email Attack Trends

Email attacks are a prevalent threat in the cybersecurity landscape, with tactics evolving to exploit vulnerabilities in both technology and human behaviour. The recent data highlights distinct patterns based on company size:

  1. Lateral Phishing in Larger Companies

    • Larger organizations, defined here as those with several thousand employees or more, are particularly susceptible to lateral phishing. This type of attack involves infiltrating internal email systems and then sending phishing messages to other employees within the same organization.
    • The data indicates that 42% of email attacks targeting these large companies utilize this method. Lateral phishing is particularly concerning because it leverages the trust and internal relationships within an organization, making it harder for employees to recognize the threat.

  2. External Phishing Attacks on Smaller Companies

    • Smaller companies face a higher proportion of external phishing attacks, with 71% of targeted threats over the past year falling into this category. External phishing involves attacks originating from outside the organization, often aiming to deceive employees into disclosing sensitive information or installing malicious software. This trend suggests that smaller companies might be less equipped to defend against these external threats compared to their larger counterparts.

  3. Extortion Attacks

    • Extortion attacks, where attackers threaten to release sensitive information or disrupt business operations unless a ransom is paid, are more common in smaller companies. The data reveals that smaller businesses experience extortion attacks at a rate approximately three times higher than larger firms.

    • Specifically, extortion constitutes 7% of targeted attacks against smaller companies, while it makes up only 2% of attacks on larger organizations. This discrepancy may be attributed to smaller companies' potentially weaker security measures and less robust incident response plans.

  4. Business Email Compromise (BEC) and Conversation Hijacking

    • The prevalence of business email compromise (BEC) and conversation hijacking remains relatively stable across organizations of different sizes. BEC involves attackers compromising a legitimate business email account to conduct fraudulent activities, while conversation hijacking involves taking over email threads to deceive recipients.

    • These types of attacks are a persistent threat regardless of company size, indicating that they are a common vector for exploitation in the email security landscape.

Implications for Organizations

The findings underscore the need for tailored cybersecurity strategies based on company size and attack trends:

  1. Enhanced Internal Security for Larger Companies

    • Large organizations should prioritize securing internal communications and implementing advanced monitoring systems to detect and mitigate lateral phishing attacks. Training programs should also focus on recognizing internal threats and promoting vigilance among employees.

  2. Strengthened External Defenses for Smaller Companies

    • Smaller businesses need to enhance their defenses against external phishing attacks. This includes investing in robust email security solutions, conducting regular security awareness training, and establishing effective phishing response protocols.

  3. Proactive Measures Against Extortion

    • All organizations, particularly smaller ones, should be prepared for potential extortion attacks. Implementing data encryption, maintaining regular backups, and having a clear incident response plan can help mitigate the impact of such attacks.

  4. Ongoing Vigilance Against BEC and Conversation Hijacking

    • Continuous monitoring and vigilance are essential for all organizations to combat BEC and conversation hijacking. Regular audits of email security practices and user education can help prevent these attacks from succeeding.

Understanding Lateral Phishing

What is Lateral Phishing?

Lateral phishing starts with an account takeover attack, a rapidly growing threat in email security. Attackers who gain control of an account use it to gather detailed information about the organization, its employees, and partners. They then leverage this information to craft highly targeted email messages, which they send from the compromised accounts.

Why Lateral Phishing Matters

The consequences of lateral phishing can be severe. A recent survey revealed that one in seven organizations experienced account takeovers and lateral phishing within a seven-month span. Attackers exploit the trust associated with legitimate accounts to distribute lateral phishing emails across a wide network, impacting many other organizations and potentially causing significant reputational damage to the initial victim.

These attacks are particularly dangerous because they originate from legitimate, though compromised, accounts. This often leads users and email protection systems to mistakenly view these emails as authentic, as they typically come from trusted sources rather than spoofed or external addresses.

Protecting Against Lateral Phishing

To safeguard against lateral phishing, consider the following measures:

  1. Security Awareness Training

    • Enhance your security awareness programs to educate users about lateral phishing. Unlike traditional phishing, which often uses forged email addresses, lateral phishing comes from genuine—but compromised—accounts. Therefore, checking sender properties or email headers for spoofing is ineffective. Users should be trained to scrutinize destination URLs and confirm unusual requests with the apparent sender.

  2. Advanced Detection Techniques

    • Lateral phishing is a sophisticated form of email attack that is challenging to detect. Invest in advanced detection systems that utilize artificial intelligence and machine learning to identify phishing emails automatically, reducing reliance on user vigilance alone.

  3. Account Takeover Protection

    • Since lateral phishing exploits compromised accounts, it's crucial to protect against account takeovers. Deploy AI-driven technology that monitors for signs of account compromise and provides real-time alerts and remediation by removing malicious emails from affected accounts.

  4. Two-Factor Authentication (2FA)

    • Implement robust two-factor authentication to reduce the risk of lateral phishing. While hardware-based tokens are more effective, even non-hardware-based 2FA solutions can help limit attackers' access to compromised accounts, making it harder for them to execute successful phishing attacks.
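As an added illustration of the account-takeover monitoring described in measures 1 and 3 above (example code, not from the original post or any vendor product), the following Python heuristic scores an internal account's outbound mail against that sender's own baseline rather than against spoofing indicators, since the sender is genuine. The mail domain, trusted link domains, events and thresholds are all constructed assumptions.

```python
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"                                   # assumed internal mail domain
TRUSTED_LINK_DOMAINS = {"example.com", "intranet.example.com"}    # assumed link allowlist

# Constructed sample events (metadata only): one record per message an internal account sent.
HISTORY = [  # the sender's normal behaviour, used to build a per-sender baseline
    {"sender": "alice@example.com", "rcpt": 2, "urls": ["https://intranet.example.com/report"], "hour": 10},
    {"sender": "alice@example.com", "rcpt": 1, "urls": [], "hour": 14},
    {"sender": "alice@example.com", "rcpt": 3, "urls": [], "hour": 9},
]
TODAY = [
    {"sender": "alice@example.com", "rcpt": 2, "urls": ["https://intranet.example.com/q"], "hour": 11},
    # constructed suspicious message: wide fan-out, a link domain this sender never used, sent at 03:00
    {"sender": "alice@example.com", "rcpt": 45, "urls": ["https://docs-login.example.net/view"], "hour": 3},
]

def link_domain(url):
    """Host part of a URL, or '' if it cannot be parsed."""
    return urlparse(url).hostname or ""

def build_baseline(events):
    """Per-sender summary: largest recipient count, link domains used, hours active."""
    base = {}
    for e in events:
        b = base.setdefault(e["sender"], {"max_rcpt": 0, "domains": set(), "hours": set()})
        b["max_rcpt"] = max(b["max_rcpt"], e["rcpt"])
        b["domains"].update(link_domain(u) for u in e["urls"])
        b["hours"].add(e["hour"])
    return base

def score(event, baseline):
    """Return (score, reasons): one point per deviation from the sender's own baseline."""
    b = baseline.get(event["sender"], {"max_rcpt": 0, "domains": set(), "hours": set()})
    reasons = []
    if event["rcpt"] > max(3 * b["max_rcpt"], 10):            # sudden fan-out to many recipients
        reasons.append("fan-out %d vs baseline max %d" % (event["rcpt"], b["max_rcpt"]))
    new = {link_domain(u) for u in event["urls"]} - b["domains"] - TRUSTED_LINK_DOMAINS
    if new:                                                   # link domains the sender never used
        reasons.append("new link domains: %s" % ", ".join(sorted(new)))
    if b["hours"] and event["hour"] not in b["hours"] and not 8 <= event["hour"] <= 18:
        reasons.append("sent at %02d:00, outside sender's hours" % event["hour"])
    return len(reasons), reasons

def flag_events(history, today, threshold=2):
    """Return [(sender, reasons)] for today's messages scoring at or above the threshold."""
    baseline = build_baseline(history)
    flagged = []
    for e in today:
        s, reasons = score(e, baseline)
        if s >= threshold:
            flagged.append((e["sender"], reasons))
    return flagged
```

In production the baseline would come from weeks of mail-flow logs and a flagged message would feed the alert-and-remediation step rather than being printed.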

Conclusion - Email attack trends & lateral phishing

Email attack trends from June 2023 to May 2024 reveal critical insights into how different-sized organizations are affected by various types of email threats. Larger companies are notably impacted by lateral phishing, while smaller companies face a higher risk of external phishing and extortion attacks.

Despite these differences, business email compromise and conversation hijacking remain consistent threats across the board. Organizations must adapt their cybersecurity strategies to address these evolving threats effectively and safeguard their operations against email-based attacks.
