SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
'Bait attacks' become go-to method for cyber criminals
Thu, 11th Nov 2021

More than a third of global businesses are likely to be targeted by a 'bait attack' within a one-month period, according to new research from Barracuda Networks.

'Bait attacks', also known as reconnaissance attacks, are a technique in which attackers 'test' email addresses to find out which mailboxes exist and which recipients are willing to respond.

The goal is either to verify that the victim's email account exists (if no 'undeliverable' bounce comes back, the address is live) or to draw the victim into a conversation that could later lead to fraudulent money transfers or leaked credentials.

Barracuda's research found that just over 35% of 10,500 organisations were targeted by at least one bait attack over a one-month period in September 2021.

The data revealed that 'bait' attacks hit an average of three distinct mailboxes per company.

According to the researchers, bait attacks are usually emails with very short or even empty contents, making it hard for conventional phishing detectors to flag or block these kinds of threats.

Attackers also rely on a low-volume, non-burst sending pattern in an attempt to evade bulk- or anomaly-based detectors.

Barracuda researchers also found that attackers typically send the attacks from freshly created accounts at free webmail services such as Gmail, Yahoo or Hotmail, with Gmail alone accounting for 91% of all sender domains associated with bait attacks.
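The traits listed above (empty or near-empty body, a subject of a word or two, a free-webmail sender, nothing for a URL or attachment scanner to match) are exactly what conventional content filters do not key on, but they can be scored directly. The following is an added example, not Barracuda's detector or any code from the article: a heuristic scorer over raw RFC 5322 messages using Python's standard `email` package. The sample messages are constructed for illustration, and the weights, thresholds and the free-mail domain list are assumptions to be tuned against your own mail flow.

```python
"""Heuristic scorer for 'bait' (reconnaissance) emails.

Added example for illustration; not a vendor's detection logic. The
weights, thresholds and domain list below are assumptions.
"""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

# Assumption: the free webmail providers named in the research plus common aliases.
FREEMAIL_DOMAINS = {
    "gmail.com", "googlemail.com", "yahoo.com", "hotmail.com",
    "outlook.com", "live.com",
}

# Assumptions: what counts as "very short". Tune against real traffic.
MAX_BODY_CHARS = 40
MAX_SUBJECT_WORDS = 3

# The empty body is the defining trait, so it carries the most weight.
WEIGHTS = {
    "empty_or_tiny_body": 2,        # nothing for a content filter to match
    "short_subject": 1,             # "Hi" / "Hello" / no subject at all
    "freemail_sender": 1,           # 91% of bait in the study came from Gmail
    "no_links_or_attachments": 1,   # nothing for URL or attachment scanners either
}
FLAG_THRESHOLD = 4

TAG_RE = re.compile(r"<[^>]+>")


def body_text(msg: EmailMessage) -> str:
    """Return the visible body text, with HTML tags stripped and whitespace collapsed."""
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    text = part.get_content()
    if part.get_content_type() == "text/html":
        text = TAG_RE.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()


def sender_domain(msg: EmailMessage) -> str:
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def bait_indicators(raw: str) -> dict:
    """Compute the individual indicators for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = body_text(msg)
    subject = (msg.get("Subject") or "").strip()
    has_attachment = any(p.get_filename() for p in msg.iter_attachments())
    return {
        "empty_or_tiny_body": len(body) <= MAX_BODY_CHARS,
        "short_subject": len(subject.split()) <= MAX_SUBJECT_WORDS,
        "freemail_sender": sender_domain(msg) in FREEMAIL_DOMAINS,
        # Bait opens a conversation; a message inside an existing thread is not bait.
        "not_a_reply": msg.get("In-Reply-To") is None and msg.get("References") is None,
        "no_links_or_attachments": "http" not in body.lower() and not has_attachment,
    }


def bait_score(raw: str) -> int:
    ind = bait_indicators(raw)
    return sum(w for name, w in WEIGHTS.items() if ind[name])


def is_probable_bait(raw: str) -> bool:
    """Flag unsolicited, content-free messages that look like mailbox probes."""
    ind = bait_indicators(raw)
    if not ind["not_a_reply"]:
        return False
    return bait_score(raw) >= FLAG_THRESHOLD


# Constructed sample messages (not real traffic).
BAIT_MESSAGE = (
    "From: Rachel Adams <rachel.adams.0412@gmail.com>\n"
    "To: finance@corp.example\n"
    "Subject: Hi\n"
    "Message-ID: <a1@mail.gmail.com>\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "\n"
)

HTML_BAIT_MESSAGE = (
    "From: <mark.ellis.7731@hotmail.com>\n"
    "To: finance@corp.example\n"
    "Message-ID: <b2@hotmail.com>\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<html><body></body></html>\n"
)

NORMAL_MESSAGE = (
    "From: Priya Nair <priya.nair@corp.example>\n"
    "To: finance@corp.example\n"
    "Subject: Q3 budget review notes\n"
    "Message-ID: <c3@corp.example>\n"
    "In-Reply-To: <c2@corp.example>\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Hi all, the revised Q3 numbers are on the intranet at\n"
    "https://intranet.corp.example/finance/q3 - please review before Friday.\n"
)

if __name__ == "__main__":
    for label, raw in [("bait", BAIT_MESSAGE), ("html bait", HTML_BAIT_MESSAGE),
                       ("normal", NORMAL_MESSAGE)]:
        print(f"{label:10s} score={bait_score(raw)} flagged={is_probable_bait(raw)}")
```

A message that is part of an existing thread is never flagged, which keeps short internal replies ("Thanks!") out of the alert queue; an unsolicited, empty "Hi" from an unknown sender scores 5 and is flagged. Flagged messages are candidates for quarantine or user reporting, not proof of malice, and the scorer is deliberately blind to sender volume, so it complements rather than replaces the bulk and anomaly detectors the research says bait attacks are designed to slip past.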

Bait attacks typically precede or 'set up' a targeted phishing attack, so the Barracuda research team ran an experiment by replying to a bait attack that landed in one of their employees' private mailboxes.

The Barracuda employee replied to a bait attack, which had an empty body and the subject line "Hi", with the message "Hi, how may I help you?". Within 48 hours the employee received a targeted phishing attack.

According to the researchers, this exemplifies that the original email was designed to verify the existence of the mailbox and the willingness of the victim to respond to email messages.

Barracuda Networks VP email protection products Michael Flouton says, “Cyber attackers are always looking for new and innovative ways to improve the efficiency and success-rate of their carefully composed spear-phishing attacks, and whilst typically harmless in their own right, bait attacks are posing a serious threat to business data by targeting susceptible staff.

“The best method of tackling this growing threat, which is largely undetectable by traditional filtering technology, is by training users on how to recognise and report them.

“It's important that bait attacks are removed from an inbox as soon as they are identified, to prevent users from opening or replying to them, and automated incident response software will identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organisation a future target.