SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Cyber criminals turn to Gmail and AOL to advance attacks
Tue, 11th Aug 2020

Cyber criminals are using increasingly sophisticated means, and the latest example is the use of legitimate email services to impersonate trusted senders and scam nearly 6,600 organisations in 2020.

According to email security firm Barracuda Networks, cyber criminals are increasingly registering accounts with legitimate services such as Gmail and AOL and using them in impersonation and business email compromise (BEC) attacks.

In their most recent threat spotlight report, Barracuda researchers observed that 6,170 malicious accounts registered with Gmail, AOL and other email services have been responsible for more than 100,000 BEC attacks, impacting nearly 6,600 organisations.

Furthermore, since April 1 these 'malicious accounts' have been behind 45% of all BEC attacks detected, the researchers state.

Essentially, cyber criminals use these accounts to impersonate an employee or trusted partner and send highly personalised messages designed to trick other employees into leaking sensitive information or transferring money.
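The mechanism described above leaves a signature that a mail gateway can test for: the From display name matches someone the recipient knows, but the actual sender address belongs to a consumer webmail domain that anyone can register. The following is an added example of that check, not code from Barracuda or from the article; the employee directory, the internal and webmail domain lists, and the sample messages are all constructed for illustration.

```python
"""
Heuristic detection of impersonation mail sent from free webmail accounts.
Added example for illustration; directory, domain lists and sample messages
below are constructed, not taken from the article or from any vendor product.
"""
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumed (not exhaustive): consumer webmail domains anyone can register for free.
FREE_WEBMAIL_DOMAINS = {"gmail.com", "aol.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Assumed: the organisation's own sending domains (hypothetical).
INTERNAL_DOMAINS = {"example.com"}

# Assumed: directory of people worth impersonating, e.g. executives and finance staff.
DIRECTORY = {"Jane Doe": "jane.doe@example.com", "Sam Lee": "sam.lee@example.com"}

ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def normalise_name(name):
    """Strip accents and punctuation, lower-case, collapse whitespace, so that
    'JANE  DOE', 'Jane.Doe' and 'Jane Doé' all compare equal to 'jane doe'."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(re.sub(r"[^a-z ]", " ", ascii_name.lower()).split())


def name_variants(full_name):
    """'Jane Doe' -> {'jane doe', 'doe jane'} so a 'Doe, Jane' display name matches too."""
    tokens = normalise_name(full_name).split()
    return {" ".join(tokens), " ".join(reversed(tokens))}


# Reverse index: normalised display-name variant -> canonical directory entry.
LOOKUP = {variant: canonical for canonical in DIRECTORY for variant in name_variants(canonical)}


def sender_domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw_message):
    """Return a verdict dict for one RFC 822 message string.
    Flags (a) a directory name in the display name with a non-internal sender
    domain, and (b) an internal address smuggled into the display name itself
    (e.g. From: "jane.doe@example.com" <someone@aol.com>)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(addr)
    reasons = []

    impersonated = LOOKUP.get(normalise_name(display))
    if impersonated and domain not in INTERNAL_DOMAINS:
        reasons.append(f"display name matches {impersonated} but sender domain is {domain}")

    for embedded in ADDR_RE.findall(display):
        if sender_domain(embedded) in INTERNAL_DOMAINS:
            reasons.append(f"display name embeds internal address {embedded}")

    # Only add the webmail note when something else already looks wrong; legitimate
    # external contacts on Gmail or AOL must not be flagged on domain alone.
    if reasons and domain in FREE_WEBMAIL_DOMAINS:
        reasons.append(f"{domain} is a free webmail domain that anyone can register")

    return {"from": addr, "display": display, "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample messages (not real traffic).
SAMPLES = [
    # 1: genuine internal mail, should pass
    'From: Jane Doe <jane.doe@example.com>\nTo: sam.lee@example.com\nSubject: Q3 numbers\n\nSee attached.\n',
    # 2: executive name on a freshly registered Gmail account
    'From: "Jane Doe" <jane.doe.ceo2020@gmail.com>\nTo: sam.lee@example.com\nSubject: Urgent wire\n\n'
    'Can you process a payment today? I am in meetings all day.\n',
    # 3: the real internal address used as the display name of an AOL account
    'From: "jane.doe@example.com" <accounts.payable887@aol.com>\nTo: sam.lee@example.com\n'
    'Subject: Invoice\n\nPlease update our bank details before paying.\n',
    # 4: unknown external vendor, nothing to impersonate, should pass
    'From: Alex Vendor <alex@vendor-example.net>\nTo: sam.lee@example.com\nSubject: Catalogue\n\nNew prices.\n',
]


def run(samples=SAMPLES):
    return [assess(s) for s in samples]


if __name__ == "__main__":
    for verdict in run():
        print("SUSPICIOUS" if verdict["suspicious"] else "ok       ", verdict["from"], verdict["reasons"])
```

Two caveats a practitioner should keep in mind. First, a genuine employee writing from a personal Gmail account trips the same rule, so the verdict belongs in a warning banner or a review queue rather than a hard block. Second, the check deliberately does not rely on sender reputation: an account that lives for less than a day never accumulates a bad reputation, whereas the name-versus-domain mismatch is visible on the very first message.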

The report finds that cyber criminals' preferred email service for malicious accounts is Gmail, which accounts for 59% of the email domains used by the malicious accounts observed.

Yahoo is the second most popular, accounting for just 6% of the attacks from observed malicious accounts.

Researchers at Barracuda also observed that a substantial share of malicious accounts (29%) are used for less than 24 hours, most likely to avoid detection and suspension by the email providers.

However, it's not unusual for cyber criminals to return and re-use an email address for an attack after a long break.

Having analysed attacks on 6,600 organisations, Barracuda researchers found that in many cases, cyber criminals used the same email addresses to attack different organisations.

The number of organisations attacked by each malicious account ranged from one up to, in a single mass-scale attack, 256 organisations, or 4% of all the organisations included in the research.

Similarly, the number of email attacks sent by a malicious account ranged from one to over 600 emails, with the average being only 19.

Barracuda Networks VP of Email Protection Michael Flouton says, “Given that email services such as Gmail are free to set up, just about anyone can create a potentially malicious account for the purpose of a BEC attack.

“Securing oneself against this threat requires organisations to take protection matters into their own hands; this requires them to invest in sophisticated email security that leverages artificial intelligence to identify unusual senders and requests.

“However, no security software will ever be 100% effective, particularly when the sender appears to be using a perfectly legitimate email domain. Thus, employee training and education are essential, and workers should be made aware of how to manually spot, flag and block any potentially malicious content.”