- Hackers leveraging phishing attacks have continued to improve the sophistication of their attacks, using compromised email accounts within an organization to target other users within the enterprise, according to the recent quarterly phishing report from Barracuda Networks.
Barracuda partnered with University of California Berkeley and UC San Diego researchers to better understand email account takeover attacks. The researchers found attackers are using legitimate enterprise accounts they’ve compromised to send lateral phishing emails to other employees within the network – as well as partners from other organizations.
The healthcare sector has seen an abundance of these types of attacks, where several employees fall victim and emails are sent from the compromised accounts. In March, Verity Health System reported its third phishing attack-related breach. In its notification, officials said they had to delete the malicious emails sent to other employees from the impacted account.