Cybercriminals target organisations with bait attacks: Barracuda Report – The Hindu BusinessLine

Clipped from:


Cybercriminals are leveraging various tactics to target organisations with bait attacks.

Also see: Workloads set to go up for IT professionals

Based on analysis by Barracuda researchers, over 35 per cent of 10,500 organisations were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages.

Gather information

“Bait attacks, also known as reconnaissance attacks, are a class of threats where the attackers attempt to gather the information that can be used to plan future targeted attacks,” the firm explained in an official release.

These are usually emails with very short or even empty content. Bait attacks are meant to help attackers either verify the existence of the victim’s email account by not receiving any “undeliverable” emails or to get the victim involved in a conversation to potentially lead to malicious money transfers or leaked credentials.

“As the threats do not involve any text, phishing links or malicious attachments, it is hard for conventional phishing detectors to defend against these attacks,” it said.

Low volume phishing

Attackers leverage popular free email services such as Gmail, Yahoo, or Hotmail to avoid being detected. They also rely on a low volume, non-burst sending behaviour. This is to avoid detection by any bulk or anomaly-based detectors.

They also research their potential victims at times for more targeted phishing attacks.

Also see: Global tech talent crunch to persist for the next decade: IBM chief

Murali Urs, Country Manager, India, Barracuda Networks, said, “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims to collect information that will help them improve the odds that their attacks will succeed.”

Employee training

Organisation need to deploy AI-based solutions to help safeguard their employees from falling prey to bait attacks and block such attacks. Employee training will also help avoid such attacks by recognising and reporting bait emails if they land in their inboxes.

“When bait attacks are identified, it’s important to eliminate them from users’ inboxes as quickly as possible before users open or reply to the message. Automated incident response can help identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organisation a future target,” Barracuda said.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s