Emails are still a viable attack vector, despite the fact that phishing techniques are constantly being improved. Threat actors are using brute force attacks to obtain access to email accounts, according to a report from Abnormal Security.
- Brute force attacks increased by 671 percent in June, with 32.5 percent of organizations being targeted.
- 43 percent of small and mid-sized businesses had at least one successful account takeover in the third quarter of 2021.
- 60 percent of successful account takeovers occur in firms with roughly 5,001 employees.
- Sixty-one per cent of firms experienced a vendor email compromise assault in the third quarter of this year.
Instead of using the typical spray and pray assault method, attackers are using more focused attacks. It is possible for threat actors to obtain access to a variety of sensitive information by using successful brute force attacks. The accounts can then be used to launch more attacks against partners, coworkers, and vendors in order to infiltrate other domains of a business after they have been accessible.
- Attackers pose as well-known brands as well as internal automated systems in order to fool their victims into divulging their passwords or sending money to the attacker’s bank account.
- In the past two quarters, impersonation of internal systems has increased by 46 percent.
- Increased impersonation assaults suggest that threat actors are willing to go to any extent and adapt their approaches for increased success rates.
Advancement in email threats is predicted to stay around for a long time. The fact that these attacks don’t have conventional markers of compromise allows them to slip through the cracks with relative ease It’s time for enterprises to switch to proactive cybersecurity protection as threat actors ramp up their strategies, approaches, and procedures.