Lateral Phishing is an attack technique recently discovered by Barracuda which, dramatically, is proving to be far more effective than classic phishing. In this type of attack, scammers take control of one or more company email accounts and from here they start sending phishing emails to both internal colleagues in the organization, and to contacts of other companies.
Since the emails do not arrive from an unknown address but from a source considered reliable, the recipients tend to trust the sender, facilitating the spread of the attack. The Barracuda researchers have identified 154 compromised accounts, from which they then sent mails of Lateral Phishing to a total of about 100,000 recipients.
Of these, 40% were colleagues within the organization, the remaining 60% were sent to partner companies or personal addresses, probably using the contact address book of compromised accounts.
Tips to protect yourself against Lateral Phishing attacks
Since these are attacks based on compromising email accounts, it is essential for companies to protect them better. Enabling two-factor app-based or hardware token authentication can make hackers lives much more difficult, as well as investing in security solutions that include advanced identification techniques.
Training of employees is very important: keeping them constantly updated on new types of threats is essential to reduce the likelihood that such an attack can be successfully carried out.