Study reveals attackers’ phishing behaviours and techniques

A recent Imperva report reveals the techniques and behaviours hackers adopt when they’re trying to launch a phishing campaign. The study involved researchers setting up 90 honey-pot personal email, file sharing and social media accounts to lure criminals. Over the course of nine months, the researchers observed the hackers’ behaviours.

After receiving 200 credential leaks, Imperva analysed the data.

Key findings included:

  • Only 44% of those leaks ended in account exploitation and 34% of those were repeatedly penetrated.
  • Of those 34% repeatedly accessed accounts, just 46% were accessed within the first 48 hours.
  • Once inside the inbox, the most popular sensitive information that attackers were looking for was passwords (52%) and credit card information (29%).
  • If you suspect you’ve been phished, there is a chance (56%) that changing your password quickly enough might prevent your account being compromised.

Other findings included:

  • Other account abuse included spreading phishing campaigns and stealing contacts.
  • Of all the accounts accessed, only one attacker locked out Imperva by changing the password and recovery email and adding two-factor authentication with a phone number.
  • The average exploration lasted about 10 minutes, and the longest lasted 52 minutes.
  • Just 17% of attackers attempted to cover their tracks: 15% deleted their sign-in alerts but the alerts remained in the ‘trash’ folder, and only 2% permanently deleted their new sign-in alerts.
  • Account exploration was typically performed manually rather than using automation tools.

Itsik Mantin, head of data research at Imperva, said:

By studying cyber attackers, we’ve learned many things including that most attackers don’t bother to cover their tracks, which means they leave evidence behind. Furthermore, if we can quickly detect an attack, we then know that swift remediation including a simple password change significantly reduces the odds of a successful attack.

Protect your organisation

Although this research evaluated attackers’ behaviours and techniques and offers valuable insights, there’s no way to prevent all phishing attacks from reaching their targets. The only way to mitigate this risk is to make sure everyone within your organisation knows how to detect and respond to a phishing attack.

To help staff do this, we offer a Phishing Staff Awareness Course that provides everything you need to know about how phishing attacks work, how to spot them and the best practices to follow to stay secure.

Find out more >>