Hackers are pulling no punches when it comes to email attacks

Cartoon Phishing
(Image credit: Shutterstock / DRogatnev)

Brute force email attacks and account takeover attempts against businesses have increased a whopping 671%, as attackers find novel ways for phishing credentials, according to new data.

In its Q3 2021 email threat report, cloud-native email security platform Abnormal Security revealed a significant increase in attacks that are often used as launchpads for more significant attacks such as ransomware and malware

The report also finds that cybercriminals are conjuring new ways to trick employees into giving away their credentials, invariably resulting in significant financial damages to businesses.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“Socially-engineered attacks are dramatically rising within enterprises, worldwide, creating unprecedented financial and reputational risks. These never-before-seen attacks are becoming more sophisticated with every passing day,” said Evan Reiser, Abnormal Security CEO.

Growing complexity

The report also found that more than half of the surveyed organization (61%) have experienced a vendor email compromise or a supply chain attack in Q3 2021.

In order to commit vendor email compromise, threat actors first gain access to a vendor’s account, which then enables them to hijack existing conversations for nefarious purposes, such as sending fraudulent invoices.

Impersonation is on the rise as well, with attackers masquerading as well-known brands to trick victims into submitting credentials. Another popular attack vector is to impersonate internal business systems, with the report revealing that fake emails from internal departments like IT Help Desk and IT Support rising 46% over the past two quarters.

Reiser adds that what makes these new breed of email scams dangerous is that they don’t contain the usual indicators of compromise, such as links, attachments and reputational risks. 

“So they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware,” suggests Reiser.

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.