US-based cyber security firm Barracuda Networks on Thursday said it has identified 6,170 malicious accounts (mainly Gmail) responsible for over 1 lakh business email compromise (BEC) attacks on nearly 6,600 organisations to date this year.
Barracuda researchers found that in many cases, hackers were using the same email addresses to attack different organisations.
The number of organisations attacked ranged from one-to-a-one mass scale attack that impacted nearly 256 organisations overall.
“Malicious accounts were responsible for 45 per cent of all BEC attacks detected since April 1. These repeat offenders created multiple attacks, targeting multiple organisations from the same email accounts,” said Murali Urs, Country Manager-India, Barracuda Networks.
“The preferred choice of email service for these malicious accounts is Gmail as it is accessible, free, easy to register and has a high enough reputation to pass through email security filters,” Urs added.
However, most of the time hackers don’t use their bad emails for a long period.
In fact, the researchers saw 29 per cent of malicious account accounts were used only for a period of 24 hours.
“But some hackers were using the same email address by changing the display names for their impersonation attempts,” he said.
Business email compromise is a highly targeted attack. After the initial research period, hackers impersonate an employee or trusted partner in an email attack.
The first email is usually used to establish contact and trust.
Hackers always expect a reply to their BEC attacks. Therefore, these attacks are usually attempted at a very low volume and are highly personalised to ensure a higher chance of a reply.
The researchers identified 6,170 malicious accounts used Gmail, AOL and other email services.
Organisations can safeguard themselves from malicious accounts by investing in protection against business email compromise, said the researchers.
“Business enterprises can also train their employees to identify targeted phishing attacks by recognising the messages that come from outside of organisations and stay aware of the latest tactics used by cybercriminals,” they added.