- 15 November 2021 11:54
35% of businesses targeted by bait attacks – Barracuda
November 15, 2021. Bait attacks launched via Gmail and other free email services could be making businesses in Asia-Pacific vulnerable to targeted phishing attacks and other threats, according to Barracuda, a trusted partner and leading provider of cloud-enabled security solutions. Taking in more than 10,500 organisations across the globe, Barracuda researchers found that more than a third (35%) of businesses reported being targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages.
Often used by cybercriminals to research potential victims by testing out email addresses, bait attacks are a form of cyber reconnaissance aimed at improving the odds that an attack will succeed.
Bait attack emails are usually sent with short or even empty content, which makes them hard for conventional phishing detectors to defend against, as they do not contain phishing links or malicious attachments. The goal of these attacks is to either verify the existence of the victim’s email account by not receiving any "undeliverable" emails or to get the victim involved in a conversation that would potentially lead to malicious money transfers or leaked credentials. According to the study, 91% of attacks analysed by Barracuda were sent from Gmail accounts, which according to researchers, is not surprising given that most bait attacks are launched using fresh email accounts from free services, such as Gmail, Yahoo and Hotmail. Attackers also rely on low volume, non-burst sending behaviour to get past any bulk or anomaly-based detectors.
As traditional filtering technology is largely helpless when it comes to blocking bait attacks, Barracuda recommends deploying AI-based defence solutions capable of exploiting data extracted from multiple sources including communication graphs, reputation systems, and network-level analysis to be able to protect against such attacks.
“Businesses in Asia-Pacific should not underestimate the security threat posed by bait attacks, which work to lay the groundwork for targeting phishing and other threats, said Mark Lukie, Systems Engineer Manager, Barracuda, Asia-Pacific.
“Aside from AI technologies to help you defend against bait attacks, making sure employees have the right security awareness training to recognise and report attacks will be crucial in staying protected. This can of course be supported by automated incident response solutions to identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organisation a future target,” added Mr Lukie.