IT and Business Insights for SMB Solution Providers

Barracuda intel exposes the latest strategies cybercriminals are using to get past email security gateways

Barracuda, a trusted partner and leading provider for cloud-enabled security solutions, released key findings from a report with the title Spear Phishing: Top Threats and Trends. Barracuda researchers evaluated more than 360,000 spear-phishing emails in a three-month period, identifying and analyzing three major types of attacks: brand impersonation, business email compromise, and blackmail.

The report takes an in-depth look at how these three types of attacks work, why traditional email security can't stop them, the latest techniques scammers are using, and how organizations can protect against these attacks.

A Closer Look at Evolving Threats

Barracuda's research uncovered fresh insights into how these popular attacks are evolving and the tactics they are using to evade detection.

  • Impersonating Microsoft is one of the more common techniques used by hackers trying to take over accounts.
  • Financial institutions are impersonated in nearly 1 in 5 attacks. Finance department employees are heavily targeted, as they are most likely to deal with banks and other financial institutions.
  • The majority of subject lines on sextortion emails contain some form of security alert.
  • Attackers often include the victim's email address or password in the subject line.
  • Subject lines on more than 70 percent of business email compromise attack emails try to establish rapport or a sense of urgency; many imply the topic has been previously discussed.
  • Scammers use name-spoofing techniques, changing the display name on Gmail and other email accounts to make the email appear to come from a company employee. This tactic can be especially deceiving to those reading the email on a mobile device.

"Spear phishing attacks are designed to evade traditional email security solutions, and the threat is constantly evolving as attackers find new ways to avoid detection and trick users," said Asaf Cidon, VP, Content Security at Barracuda Networks. "Staying ahead of these types of attacks requires the right combination of technology and user training, so it's critical to have a solution in place that detects and protects against spear-phishing attacks, including business email compromise, brand impersonation, and sextortion."

Barracuda Sentinel uses artificial intelligence and deep integration with Office 365 to detect spear phishing attacks and stop them before they reach your mail server. Total Email Protection takes that protection a step further, combining Barracuda Sentinel with Barracuda Essentials, Barracuda PhishLine, and Barracuda Forensics and Incident Response for a complete email security, archiving, and data protection solution.

Topic/Solution/Product: 
ChannelPro SMB Magazine
SUBSCRIBE FREE!

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.