Barracuda Networks Issues Email Inbox Rules Manipulation Warning
A Barracuda Networks report published today suggests cybercriminals are becoming more adept at manipulating email inbox rules to hide their tracks after taking over an account.
Only a small percentage of the massive number of email account takeover incidents involve malicious manipulation of email inbox rules. But the report noted that these rules have enabled cybercriminals to forward emails outside of an organization, ensure security warnings are disabled, hide messages they sent in obscure folders or simply delete any record of a message they might have sent from that inbox.
Olesia Klevchuk, director of product marketing for Barracuda Networks, said this tactic makes it simpler to, for example, create false invoices or generate emails that impersonate senior business leaders as part of a business email compromise (BEC) campaign. Cybercriminals can also use those rules to track any and all emails containing keywords such as invoices, she added.
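As an added illustration (not taken from the Barracuda report or the original article), the rule behaviors described above can be checked with a short audit over exported inbox-rule records. The record fields, folder and keyword lists, domain and sample rules are all constructed assumptions and do not represent any real mail platform's API.

```python
# Added example: flag inbox rules showing the behaviors the report lists.
# Record fields and all sample values are constructed; they are not a real mail API.
ORG_DOMAIN = "example.com"                       # assumed organization domain
RARELY_OPENED = {"rss feeds", "conversation history", "archive"}  # assumed list
WARNING_TERMS = ("security", "alert", "sign-in", "password")
FINANCE_TERMS = ("invoice", "payment", "wire")

def is_external(address, org_domain=ORG_DOMAIN):
    """True unless the address is in the org domain or one of its subdomains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return not (domain == org_domain or domain.endswith("." + org_domain))

def mentions(conditions, terms):
    """True if any rule condition string contains any of the terms."""
    return any(t in c.lower() for c in conditions for t in terms)

def audit_rule(rule):
    """Return the sorted finding names for one inbox-rule record."""
    findings = set()
    conditions = rule.get("subject_contains", [])
    external = any(is_external(a) for a in rule.get("forward_to", []))
    hidden = (rule.get("move_to_folder") or "").lower() in RARELY_OPENED
    deleted = bool(rule.get("delete"))
    if external:
        findings.add("external_forward")
    if hidden:
        findings.add("hide_in_folder")
    if deleted:
        findings.add("auto_delete")
    if (hidden or deleted) and mentions(conditions, WARNING_TERMS):
        findings.add("suppress_security_warning")
    if external and mentions(conditions, FINANCE_TERMS):
        findings.add("keyword_tracking")
    return sorted(findings)

def audit_mailboxes(rules):
    """Map (mailbox, rule name) to findings, keeping only flagged rules."""
    return {(r["mailbox"], r["name"]): f for r in rules if (f := audit_rule(r))}

SAMPLE_RULES = [  # constructed records
    {"mailbox": "ap@example.com", "name": "rule-1", "forward_to": ["box@collector.test"],
     "subject_contains": ["Invoice", "payment due"]},
    {"mailbox": "cfo@example.com", "name": "rule-2", "delete": True,
     "subject_contains": ["Security alert", "unusual sign-in"]},
    {"mailbox": "cfo@example.com", "name": "rule-3", "move_to_folder": "RSS Feeds",
     "subject_contains": ["RE: wire transfer"]},
    {"mailbox": "hr@example.com", "name": "news", "move_to_folder": "Newsletters",
     "forward_to": ["assistant@eu.example.com"], "subject_contains": ["digest"]},
]
```

The subdomain check treats `eu.example.com` as internal while a lookalike such as `example.com.attacker.test` still counts as external, which is the case a naive substring match gets wrong.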
Previous Barracuda Research showed that 75% of organizations suffered at least one email security breach in 2022. Making the jump from account takeover to manipulating email inbox rules is relatively simple, so the threat to business workflows is considerable, noted Klevchuk.
Earlier this year, the FBI reported that businesses lost over $2.7 billion due to BEC attacks in 2022. The challenge is that given the increased sophistication of those attacks, they now require detection and response tools infused with machine learning algorithms to identify anomalies that indicate an attack is underway, said Klevchuk.
Otherwise, the average administrator simply lacks the tools needed to detect these attacks until it’s too late to do anything about them, she added.
Most of the tactics and techniques employed by cybercriminals are relatively simple. The fact is, most cybercriminals don’t see the need to build and distribute malware when it is relatively easy to use phishing attacks to steal credentials and take over an account that can then be used to steal data and perpetrate fraud.
Unfortunately, far too many organizations still fail to appreciate BEC threats until they are victimized. As far as cybercrimes are concerned, it’s probable that many BEC incidents are not even acknowledged. Many cybercriminals are becoming increasingly adept at identifying the amount of damage they can inflict before an organization feels compelled to report they’ve been an attack victim.
Of course, the U.S. government is enacting various rules through federal agencies to discourage that behavior. In the absence of any actual crime being reported, law enforcement officials are powerless to track down the perpetrators of what has become a major threat to the global economy.
Ultimately, the goal is to thwart cyberattacks before any breach occurs. There is, however, never going to be such a thing as perfect security. The goal is to minimize the level of risk and, when a breach does inevitably occur, limit the blast radius. The best way to get started down that path is to focus on the most common types of cybercrime before they become catastrophic and threaten the very existence of the organization.