LATERAL PHISHING

DailyPost 1056     


Fishing has been a major preoccupation of mankind since time immemorial and the staple of coastal life and economy. The digital world has created its own variant called Phishing, which in simple terms means duping a digital user through a compromising email or attachment, making him believe in its integrity, and then making off with data of any and every kind. Though ransomware is making waves in the world of hacking, phishing and its variants continue to do considerable damage with the ingenuity they possess.

The innocuous mail is made into a hacking tool by the use of social engineering and by injecting it in a smooth manner that arouses no suspicion. Having its humble origin in some amount of background study of the victims and organisations, it moved on to gain more specialised operational capabilities in the form of Spear Phishing. Spear Phishing derives its name from the spear: it is a very targeted phishing attack that makes sure of its success through the amount of research and effort put into the victim's background. The next stage is known as Whaling, where the targets are high net worth or highly positioned professionals on whom disproportionate impact can be wreaked.

The latest to join this iconic ancestry is Lateral Phishing. Think of receiving an email from a hacked account within your own organisation: would you ever doubt that it came from a legitimate account? You might never even know that it was a hacked account. A new research study reveals that organisational account takeovers push lateral phishing. It was done by a team of researchers from Barracuda Networks, UC Berkeley and UC San Diego, who teamed up to study the nature of email account takeovers. It was found that this is a growing organisational threat and that email account takeover attacks are widespread.

The findings are: one in seven enterprises experienced lateral phishing attacks and, of the organisations suffering this attack, over 60% experienced multiple incidents. 11% of attacks are successful and 42% go unreported. 63% of the attacks are still generic and 37% have tailored content. Users give in to falsely created alerts and fake "shared links". Humans continue to be the weakest link.

LATERAL PHISHING IS A GREAT INNOVATIVE WAY OF USING HACKED ACCOUNTS.

Sanjay Sahay
