According to the Proofpoint study, IMAP is the most abused protocol: it bypasses MFA and lock-out options for failed connections. These intelligent new brute-force attacks bring a new approach to the traditional methods that relied on combinations of usernames and passwords.
Based on Proofpoint's analysis of over one hundred thousand unauthorized connections to millions of monitored cloud user accounts, the conclusions are as follows:
- 72% of accounts were targeted by at least one threat
- 40% had at least one compromised account in their environment
- Approximately 2% of active user accounts were targeted by malicious entities
- 15 out of every 10,000 active user accounts were successfully compromised by attackers
The attackers' ultimate goal is to launch internal phishing and gain a strong foothold within the organization. Internal phishing attempts are harder to spot than external ones.
Therefore, attackers try to gain access to users' cloud accounts and then extend their intrusion through internal phishing.
Based on the Proofpoint analysis, most of the connection attempts came from Nigerian IP addresses (40%), followed by China (26%); other major sources are the United States, Brazil and South Africa.
The report shows that IMAP is the most abused protocol and that IMAP-based attacks were higher in volume from September 2018 to February 2019.
- About 60% of Microsoft Office 365 and G Suite accounts were targeted with IMAP attacks
- Approximately 25% of Office 365 and G Suite users experienced a successful breach
- The intruders' success rate in breaching an account in a targeted organization ranged from 44%
Proofpoint researchers found that "over 31% of all cloud users suffered violations of successful espionage campaigns".
How does the phishing attack work?
Attackers compromise users' cloud accounts and then send internal phishing emails from those trusted accounts to move laterally. Threat actors also use anonymization services such as VPNs or Tor to hide their geographic location.
The attacks hit educational institutions at a higher rate, especially university and high school students. Other targeted industries include retail, finance and technology.
The study shows that the threat is growing as brute-force attacks aimed at exposing cloud accounts become more sophisticated.
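The pattern described above (IMAP login failures that stay under the lock-out limit, followed by a successful login) can be looked for in sign-in logs. The following is an added example, not code from the Proofpoint report; the record layout, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sign-in records (assumed layout, not from the report):
# (timestamp, source IP, account, protocol, result)
SAMPLE_EVENTS = [
    ("2019-01-10T08:00:01", "203.0.113.7", "alice@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T08:00:09", "203.0.113.7", "bob@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T08:00:17", "203.0.113.7", "carol@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T08:00:25", "203.0.113.7", "dave@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T09:30:02", "203.0.113.7", "alice@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T09:30:11", "203.0.113.7", "carol@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T09:30:20", "203.0.113.7", "dave@example.edu", "IMAP", "SUCCESS"),
    ("2019-01-10T09:41:00", "198.51.100.20", "alice@example.edu", "IMAP", "FAIL"),
    ("2019-01-10T09:41:30", "198.51.100.20", "alice@example.edu", "IMAP", "SUCCESS"),
    ("2019-01-10T09:45:00", "198.51.100.20", "alice@example.edu", "WEB+MFA", "SUCCESS"),
]

LOCKOUT_THRESHOLD = 5  # assumed per-account failed-login limit
MIN_ACCOUNTS = 4       # assumed: distinct accounts tried from one source


def find_imap_bruteforce(events, min_accounts=MIN_ACCOUNTS, lockout=LOCKOUT_THRESHOLD):
    """Flag sources whose IMAP failures are spread over many accounts
    while every single account stays below the lock-out limit."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> account -> fails
    successes = defaultdict(set)                      # ip -> accounts logged in
    for _ts, ip, account, protocol, result in events:
        if protocol != "IMAP":
            continue  # only the protocol that skips MFA is of interest here
        if result == "FAIL":
            failures[ip][account] += 1
        else:
            successes[ip].add(account)

    findings = {}
    for ip, per_account in failures.items():
        targeted = set(per_account) | successes[ip]
        under_lockout = max(per_account.values()) < lockout
        if len(targeted) >= min_accounts and under_lockout:
            findings[ip] = {
                "accounts": len(targeted),
                # a success from a flagged source is a likely compromise
                "compromised": sorted(successes[ip]),
            }
    return findings


if __name__ == "__main__":
    print(find_imap_bruteforce(SAMPLE_EVENTS))
```

Accounts listed under `compromised` are the ones to review for internal phishing mail sent after the flagged login.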