A report published by Barracuda Networks and researchers at UC Berkley which examines email compromise attacks at 111 organisations sheds light on how email is abused in cyber-attacks – often as the opening shot in the attack.
The research reveals that 30% of the attacks were part of the emerging economy of ‘accounts for sale’ where the initial compromise was performed by one attacker and the credentials passed on to another criminal for exploitation.
20% of the compromised accounts were included in at least one published password data breach – suggesting criminals are counting on password reuse and credential stuffing attacks.
Compromised email has also been implicated in the ransomware attack against Norsk Hydro in March 2019. A detailed report on the cyber-attack published by Bloomberg Businessweek explains how the ransomware was delivered into the Norsk Hydro network in an email from an existing customer. The customer’s email account was compromised by the attackers and an email was intercepted and altered to introduce the malware payload into the attachment which Norsk was expecting to receive – ensuring it was opened.
For more traditional spear-phishing emails, Barracuda reports that 10% of emails are actually opened and links clicked by the intended target – unless the email claims to be from HR or the IT department and then the success rate rises to 30%