Agari today published its Q1 2019 Email Fraud & Identity Deception
Trends report, which
reveals account takeover-based (ATO) attacks now comprise 20 percent of
advanced email attacks. ATO attacks are dangerous because they are more
difficult to detect than traditional attacks—compromised accounts seem
legitimate to email filters and end users alike because they are sent
from a real sender’s email account.
“Credential phishing was already a huge risk for organizations because
of the potential for data breach, but now there is a new wave of account
takeover attacks leveraging compromised accounts to commit additional
fraud, which evade traditional email security controls,” said Crane
Hassold, Sr. Director of Threat Research, Agari. “Business email
compromise attacks are still very active, especially against C-suite
targets.”
The Agari
Cyber Intelligence Division reports that brand impersonation remains
the most common attack vector, used in 50 percent of advanced email
attacks in the fourth quarter of 2018—with Microsoft impersonated in 70
percent of these instances. Microsoft is a common target for credential
phishing because Office 365 accounts can be used in subsequent ATO
attacks.
A different pattern emerges for executive targets: one-third (33
percent) of advanced email attacks against C-level employees use display
name deception that impersonates an individual—a common tactic for
business email compromise (BEC) attacks, which frequently target CFOs.
Impersonation of the U.S. Internal Revenue Service surged in the fourth
quarter as tax season approached. The IRS was impersonated in nearly one
in ten attacks, up from less than one percent in the July-to-September
quarter. W-2 scams are common in the runup to tax season, as criminals
use phishing emails and social engineering to request a corporation’s
W-2 files, which contain social security numbers, salaries and other
confidential data that can be used to commit tax fraud or identity theft.
Adoption of DMARC, an email authentication standard, grew steadily
during Q4 with a 15% increase in total DMARC records compared to Q3 ’18.
As the number of valid Internet domains has increased from 283 million
to 323 million during this Q1 report, DMARC adoption among these domains
increased from 5.3 million to 6.1 million. Among the Fortune 500, DMARC
adoption was only 54 percent, up from 51 percent three months ago.
The Impact of Phishing Incident Response
In a survey of more than 300 businesses in the U.S. and U.K., Agari
determined that employees at the average company file 23,053 phishing
incident reports per year, yet 50 percent of these are false positives.
Responding to a phishing incident takes an average of 353 minutes
(almost six hours), and even false positives take an average of 238
minutes (four hours). All of these reports and hours add up: at a cost of
$253 per phishing incident, they amount to more than $4.3 million per
year in Security Operations Center (SOC) costs required to triage,
investigate and remediate phishing incidents.
“Many organizations' security operations teams report that their work
around investigating suspected phishing emails is heavily repetitive and
requires many meticulous steps, such as checking multiple blacklists and
different IT systems within the company,” reports Gartner Research VP
and Distinguished Analyst Anton Chuvakin and VP Analyst Augusto Barros
in Preparing Your Security Operations for Orchestration and Automation
Tools, in February 2018.
