Spear-Phishing

Is 2019 the year credential stuffing dominates the threat landscape?

April 2, 2019 By Phil Muncaster

Headline writers love data breaches. As explained last month, they pit hackers versus security professionals in a good versus evil stand-off that makes for a great story. But there’s way more to the threat landscape than breaches. Increasingly we’re seeing a whole new category of follow-on attacks using the breached log-in records currently flooding the dark web in their millions.

Credential stuffing leads the pack, and IT leaders should be concerned. It’s estimated to cost US firms alone over $5bn annually and has already affected some big-name brands this year including Nest, Dunkin’ Donuts, Dailymotion and OkCupid.

Credential stuffing attacks rely on password-only authentication and the fact that people share logins across multiple sites and accounts. Click To Tweet

Brutal account takeovers

Credential stuffing is a kind of brute-force attack which uses automated tools to try large volumes of stolen log-in data simultaneously across multiple sites until one works. It relies upon the fact that many organisations still allow customers and employees to use password-only log-ins, and the fact that these users have so many to manage that they resort to sharing credentials across multiple sites and accounts. One company estimates that the average employee today has to manage over 190 passwords.

Phil Muncaster

Phil Muncaster is a technology writer and editor with over 12 years’ experience working on some of the biggest technology titles around, including Computing, The Register, V3 and MIT Technology Review. He spent over two years in Hong Kong immersed in the Asian tech scene and is now back in London where information security has become a major focus for his work.

Follow Phil on Twitter and connect with him on LinkedIn.

http://www.barracuda.com

Free in-depth report: Spear Phishing: Top Threats and Trends

March 19, 2019 By Christine Barry

Spear phishing has become one of the most dangerous threats to businesses across the globe. Barracuda has followed this threat closely and it has been the subject of several of our blogs and other published articles. Today our Barracuda email security experts are releasing a new report, ‘Spear Phishing: Top Threats and Trends,’ which gives you a deep dive into these attacks and how they work.

Download the report here

This free report offers in-depth information on this global threat, including details on how these attacks are constructed, why they can bypass traditional email security defenses, and how you can protect your company.

Spear phishing is one of the most dangerous threats to businesses around the globe. Download this new report on the top threats and trends to learn how to protect your company from these attacks. Click To Tweet

Christine Barry

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Connect with Christine on LinkedIn and follow her on Twitter here.

https://blog.barracuda.com

Your user reported a phishing email? What’s next?

March 14, 2019 By Olesia Klevchuk

No email security solution is 100% effective. Hackers put a lot of effort into developing attacks that circumvent email protection and end up in users inboxes. Every day IT and security teams receive dozens of reports from their users with suspicious messages that need to be investigated and remediated. With only 17% of attacks reported by users, businesses need effective forensics tools to help them stay ahead of attackers.

Register now for this free webinar

Spear-Phishing Incident Response:
Best Practices to Minimize Risk

Available On Demand

Already resource-constrained IT professional spend hours on incident response: trying to identify the scope of the attacks, impacted users, clean up malicious messages from inboxes and learn from the attack so that they can prevent it from happening again. These are time-consuming procedures when performed manually, and human error can leave gaps in the process. For most organizations it takes hours, if not days, to remediate a single incident, leaving the organization vulnerable to the spread of the attack.

Fortunately, there are steps you can take to improve your incident response through user education, automated incident response, and forensic analysis to block future attacks.

Manual incident response is tedious, time-consuming, and can increase the risk of a data breach or financial loss.Click To Tweet

Join me next Wednesday, March 20 for a free webinar to learn how you can build a more effective incident response program for your organization.

Why the rapidly rising tide of spear-phishing attacks doesn’t have to mean increasing risks

Why manual incident response can increase your risk of a data breach or financial loss
How to isolate, eliminate, and clean up after attacks, before it has the chance to spread
How to use post-incident forensics to proactively identify existing attacks lurking in delivered email
How Barracuda Forensics and Incident Response can make it faster, easier, and more effective

Register here for this free webinar. If you can’t attend the webinar, you can register and then view the on-demand webinar on your own schedule.

Olesia Klevchuk

Olesia Klevchuk is a Senior Product Marketing Manager for email security at Barracuda Networks. In her role, she focuses on defining how organizations can protect themselves against advanced email threats, spear phishing and account takeover. Prior to Barracuda Olesia worked in email security, brand protection and IT research.

Connect with Olesia on LinkedIn.

https://www.barracuda.com

Threat Spotlight: Sextortion

February 28, 2019 By Asaf Cidon

Protect your business and your employees from sextortion scams.

Beware: These blackmail scams are increasing in frequency, becoming more sophisticated, and bypassing email gateways.

Barracuda Research analysis: 1 in 10 spearphishing attacks are blackmail or sextortion attacks. Click To Tweet

Barracuda researchers have uncovered some startling new revelations about sextortion scams. In the past, sextortion scams were used as part of large-scale spam campaigns. Now, they’ve expanded in scope, even since Barracuda first highlighted this type of attack last fall.

A recent analysis of spear phishing attacks targeted at Barracuda customers found that 1 in 10 were blackmail or sextortion attacks. In fact, employees are twice as likely to be targeted in a sextortion scam than a business email compromise attack.

Asaf Cidon

Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked at Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and BSc in Computer Engineering from the Technion.

Connect with Asaf on LinkedIn.

http://www.barracuda.com

Threat Spotlight: New spear phishing attack gift card scam

November 29, 2018 By Asaf Cidon

When sending social engineering-based attacks, attackers have always used context and timing to their advantage. Combined with the psychological advantage of impersonating someone in a position of authority, the attackers can lure the target, often a low or mid-level employee, to take an action desired by the attacker by simply sending a well-timed email that has highly relevant contextual information —without requiring any type of malicious payload.

A great example of this approach is a recent large-scale impersonation campaign involving gift cards, which is the subject of this month’s Threat Spotlight. [Read more…] about Threat Spotlight: New spear phishing attack gift card scam

Asaf Cidon

Connect with Asaf on LinkedIn.

http://www.barracuda.com