Email remains an effective attack vector as attackers upgrade their phishing techniques. A report released by Abnormal Security highlights the abnormal rise in brute force attacks as threat actors attempt to gain unauthorized access to email accounts.
Some stats your way
In June, the rate of brute force attacks rose by 671%, and 32.5% of organizations were targeted.
In Q3 2021, small- and mid-sized organizations had a 43% chance of experiencing at least one successful account takeover.
However, organizations with around 5,000 employees have a 60% chance of successful account takeover.
This quarter, 61% of companies experienced a vendor email compromise attack.
Why this matters
Attackers are shifting from the traditional spray-and-pray technique to more targeted attacks. Successful brute force attacks enable threat actors to gain access to passwords, usernames, and passphrases. Once accessed, compromised accounts can be abused for further attacks on partners, coworkers, and vendors to infiltrate other domains of an organization.
Impersonation is all the rage
Attackers are impersonating both renowned brands and internal automated systems to trick targets into giving up their credentials or sending money.
The past two quarters saw a 46% rise in impersonation of internal systems.
The rise in highly targeted impersonation attacks indicates that threat actors are willing to go to any lengths and change their tactics for greater success rates.
The bottom line
Advanced email threats are expected to continue for a long time because of their success rates. Because these attacks don’t possess conventional indicators of compromise, they easily fly under the radar. As threat actors amp up their techniques, tactics, and procedures, it is time for organizations to move to proactive cybersecurity defense.