Press Release

Over 35% of 10,500 organizations experienced at least one bait attack in September 2021, Barracuda researchers find

Attackers are using the technique to test out vulnerable email addresses; an average of three distinct mailboxes per company received one of these messages

Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, has recently uncovered bait attack techniques used by attackers to test out email addresses and identify recipients who are willing to respond. Based on analysis by Barracuda researchers, over 35% of the 10,500 organizations were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages.

Bait attacks, also known as reconnaissance attacks, are a class of threats in which attackers attempt to gather information that can be used to plan future targeted attacks. They are usually emails with very short or even empty content. The goal is either to verify that the victim’s email account exists, which the attacker infers from not receiving any “undeliverable” email in return, or to draw the victim into a conversation that could lead to malicious money transfers or leaked credentials.

As these threats do not involve any text, phishing links or malicious attachments, it is hard for conventional phishing detectors to defend against them. Moreover, to avoid being detected, the attackers typically send the messages from fresh email accounts on free services such as Gmail, Yahoo, or Hotmail. They also rely on low-volume, non-burst sending behavior in an attempt to get past any bulk or anomaly-based detectors. For more targeted phishing attacks, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed.

Sharing his insights on the attacks, Murali Urs, Country Manager, India, Barracuda Networks, said, “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims to collect information that will help them improve the odds that their attacks will succeed.”

To keep their employees from falling prey to bait attacks, organizations need to deploy AI to identify and block them. Traditional filtering technology is largely helpless when it comes to blocking bait attacks: the messages carry no malicious payload and usually come from Gmail, which is considered highly reputable. AI-based defense is far more effective because it draws on data extracted from multiple sources, including communication graphs, reputation systems, and network-level analysis, to protect against such attacks.

Training is another factor that can help to a large extent. Trained users can recognize and report bait attacks that still land in their inboxes, so organizations must conduct security awareness training and simulation campaigns and encourage users to report these attacks to the IT and security teams.

When bait attacks are identified, it’s important to eliminate them from users’ inboxes as quickly as possible before users open or reply to the message. Automated incident response can help identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organization a future target.

About Barracuda Networks

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.
