Cybercriminals target organisations with bait attacks: Barracuda Report

Our Bureau Mumbai | Updated on November 21, 2021

Over 35 per cent of organisations targeted by at least one bait attack in September

Cybercriminals are leveraging various tactics to target organisations with bait attacks.

Cybersecurity firm Barracuda has recently uncovered bait attack techniques used by attackers to test out email addresses and identify those who are willing to respond.

Also see: Workloads set to go up for IT professionals

Based on analysis by Barracuda researchers, over 35 per cent of 10,500 organisations were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages.

Gather information

“Bait attacks, also known as reconnaissance attacks, are a class of threats where the attackers attempt to gather the information that can be used to plan future targeted attacks,” the firm explained in an official release.

These are usually emails with very short or even empty content. Bait attacks are meant to help attackers either verify the existence of the victim’s email account by not receiving any “undeliverable” emails or to get the victim involved in a conversation to potentially lead to malicious money transfers or leaked credentials.

“As the threats do not involve any text, phishing links or malicious attachments, it is hard for conventional phishing detectors to defend against these attacks,” it said.

Low volume phishing

Attackers leverage popular free email services such as Gmail, Yahoo, or Hotmail to avoid being detected. They also rely on a low volume, non-burst sending behaviour. This is to avoid detection by any bulk or anomaly-based detectors.

They also research their potential victims at times for more targeted phishing attacks.

Also see: Global tech talent crunch to persist for the next decade: IBM chief

Murali Urs, Country Manager, India, Barracuda Networks, said, “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims to collect information that will help them improve the odds that their attacks will succeed.”

Employee training

Organisation need to deploy AI-based solutions to help safeguard their employees from falling prey to bait attacks and block such attacks. Employee training will also help avoid such attacks by recognising and reporting bait emails if they land in their inboxes.

“When bait attacks are identified, it’s important to eliminate them from users’ inboxes as quickly as possible before users open or reply to the message. Automated incident response can help identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organisation a future target,” Barracuda said.

Published on November 20, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

You May Also Like