A growing trend has been found that targets enterprises with phishing emails sent from compromised email accounts within the same organization. When an attacker performs a phishing attack, the goal is to trick the target into taking a specific action by convincing them that the received email is legitimate. Using a compromised email account from inside the same organization, or one with the same domain name, is an easy way to trick the victim.

Researchers have recently published a study of nearly 100 businesses that have fallen victim to these types of attacks. The study showed that approximately 11% of the attacks were successful, a higher percentage than for normal phishing schemes, and that 42% of these emails were not reported to the organization’s IT security team. Not reporting these attacks allows hackers to carry out multiple attacks with one compromised account.

When performing these attacks, the hackers targeted individual users in the same organization, targeted the entire organization, or used the compromised email account to target the organization’s partners. Among the emails studied, 63% of the attacks used commonplace variants of the “shared document” and “account problem” messages. The attackers were found to be deleting the sent emails shortly after sending them to avoid detection by the account owner. The primary use of these lateral phishing campaigns was an attempt to steal the login credentials of the victims.
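The send-then-delete behavior described above is something mailbox audit data can surface. The following is an added example, not part of the original article or the study it summarizes; the event schema, field names, sample events and the 10-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical audit schema (not a real product's format).
SAMPLE_EVENTS = [
    {"ts": "2024-01-08T09:02:40", "user": "alice@example.com", "action": "Delete",
     "msg_id": "m4", "folder": "Sent Items"},          # listed out of order on purpose
    {"ts": "2024-01-08T09:00:05", "user": "alice@example.com", "action": "Send",
     "msg_id": "m1", "subject": "Shared document", "recipients": 48},
    {"ts": "2024-01-08T09:01:10", "user": "alice@example.com", "action": "Delete",
     "msg_id": "m1", "folder": "Sent Items"},
    {"ts": "2024-01-08T09:02:00", "user": "alice@example.com", "action": "Send",
     "msg_id": "m4", "subject": "Account problem", "recipients": 112},
    {"ts": "2024-01-08T10:00:00", "user": "bob@example.com", "action": "Send",
     "msg_id": "m2", "subject": "Q1 budget", "recipients": 3},
    {"ts": "2024-01-08T15:30:00", "user": "bob@example.com", "action": "Delete",
     "msg_id": "m2", "folder": "Sent Items"},          # hours later: routine cleanup
    {"ts": "2024-01-08T11:00:00", "user": "carol@example.com", "action": "Send",
     "msg_id": "m3", "subject": "Lunch?", "recipients": 1},
]

def find_send_then_delete(events, window=timedelta(minutes=10)):
    """Return sends whose Sent Items copy was deleted within `window` (assumed threshold)."""
    sent, hits = {}, []
    # Sort by timestamp so events collected from several sources can arrive in any order.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        key = (ev["user"], ev["msg_id"])
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "Send":
            sent[key] = (ts, ev)
        elif ev["action"] == "Delete" and ev.get("folder") == "Sent Items" and key in sent:
            sent_ts, sent_ev = sent.pop(key)
            if ts - sent_ts <= window:
                hits.append({"user": ev["user"], "msg_id": ev["msg_id"],
                             "subject": sent_ev["subject"],
                             "recipients": sent_ev["recipients"],
                             "delay_s": int((ts - sent_ts).total_seconds())})
    return hits

def accounts_to_review(hits):
    """Aggregate hits per account: flagged message count and total recipients reached."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["user"], {"messages": 0, "recipients": 0})
        entry["messages"] += 1
        entry["recipients"] += h["recipients"]
    return summary

if __name__ == "__main__":
    for user, s in accounts_to_review(find_send_then_delete(SAMPLE_EVENTS)).items():
        print(f"{user}: {s['messages']} sent-then-deleted messages, {s['recipients']} recipients")
```

Because 42% of the emails in the study went unreported, a check like this gives the security team a signal that does not depend on recipients raising the alarm.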