Brute force email attacks and account takeover attempts against businesses have increased a whopping 671%, as attackers find novel ways for phishing credentials, according to new data.
In its Q3 2021 email threat report, cloud-native email security platform Abnormal Security revealed a significant increase in attacks that are often used as launchpads for more significant attacks such as ransomware and malware.
The report also finds that cybercriminals are conjuring new ways to trick employees into giving away their credentials, invariably resulting in significant financial damages to businesses.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- Here are the best email services currently available
- We've put together a list of the best endpoint protection software
- These are the best email hosting providers
“Socially-engineered attacks are dramatically rising within enterprises, worldwide, creating unprecedented financial and reputational risks. These never-before-seen attacks are becoming more sophisticated with every passing day,” said Evan Reiser, Abnormal Security CEO.
The report also found that more than half of the surveyed organization (61%) have experienced a vendor email compromise or a supply chain attack in Q3 2021.
In order to commit vendor email compromise, threat actors first gain access to a vendor’s account, which then enables them to hijack existing conversations for nefarious purposes, such as sending fraudulent invoices.
Impersonation is on the rise as well, with attackers masquerading as well-known brands to trick victims into submitting credentials. Another popular attack vector is to impersonate internal business systems, with the report revealing that fake emails from internal departments like IT Help Desk and IT Support rising 46% over the past two quarters.
Reiser adds that what makes these new breed of email scams dangerous is that they don’t contain the usual indicators of compromise, such as links, attachments and reputational risks.
“So they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware,” suggests Reiser.
- Protect your devices with these best antivirus software