CyberNews Briefs

Lateral Phishing Attacks: A Growing Threat to the Enterprise

A new study by Barracuda sheds light on the rise of lateral phishing campaigns in which one or more compromised employee accounts in an organization are used to target other employees in the same organization. Lateral phishing is similar to business email compromise (BEC), but while the latter is usually about getting victims to carry out fraudulent wire transfers, the main goal of the former is usually credential theft.

The report found that 11% of lateral phishing attacks resulted in the attackers compromising additional employee accounts. In 42% of these successful attacks, the department in charge of account security was not notified of the breach, which made it possible for threat actors to use the newly compromised accounts for further attacks. 45% of lateral phishing attacks were agnostic / opportunistic in terms of the accounts they targeted, while 29% targeted a specific account, 25% targeted all accounts in a given organization, and the remaining 1% targeted a partner organization .

Read more: Lateral Phishing Attacks: A Growing Threat to the Enterprise

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.