Software

Are your business emails secure?

The front line of cyber crime.

The popular image of cyber criminals in films and TV shows is a geek in a hoodie, hunched over a laptop, tapping furiously in an attempt force their way into a “mainframe” in order to download that crucial file, or set loose a virus to destroy the evidence.

The modern reality is that hacking tools can be bought cheaply online. The program that does the damage isn’t the problem for them, it’s getting it delivered. And these days, with antivirus and firewalls becoming more intelligent, the easiest way to do this is to get you to do it.

All they need is a click. And there’s a whole heap of ways they make that happen.

Let’s look at some of the most common methods of email cyber attack.

Common methods of email attack.

URL Phishing.

With URL Phishing cyber criminals use emails designed to look legitimate to tempt victims into inputting sensitive data into a fake website which is then sold on the Dark Web or used to launch more attacks. Around 32% of security breaches involve phishing.

Spear Phishing.

If you fish using a rod, you’re waiting for any fish. If you fish with a spear, you aim for a specific fish. This is how Spear Phishing gets its name, as it deploys highly-personalised emails in an attempt to capture sensitive information such as login credentials or bank details. In many cases they will impersonate friends, colleagues or trusted businesses and add a sense of urgency or pressure to improve the likelihood of success.

According to email threat specialists Barracuda, 43% of organisations had been victims of spear-phishing in the last 12 months.

Lateral Phishing.

Lateral Phishing means using recently compromised accounts to then send phishing emails to the users’ other contacts. This spreads the attack wider and lends legitimacy by using a genuine email account of a trusted friend or colleague. Lateral phishing has a high success rate.

Email Spam.

Email spam might seem little more than an annoyance, but it doesn’t occur for no reason. Spam emails are often pushing scams or at the very least sell dubious items. Spam also plays a part in Phishing attacks, which we’ll learn more about later.

Spam is also a business threat by its sheer volume, clogging up inboxes and reducing productivity. If Spam isn’t dealt with it can easily lead to genuine emails being missed.

Extortion.

In extorion attacks, cyber criminals leverage user details stolen in data breaches to try and trick victims int o giving them money. Often the scammers claim to have a compromising video recorded on the victims’ computer and threaten to share it with all their contacts unless a payment is made.

Data Exfiltration.

Data exfiltration is a fancy term for the unauthorised transfer of data from a device. These attacks are usually targeted and revolve around gaining access to a network or machine in order to copy specific data. This could be done by email by tricking employees by email to reveal critical information.

Domain Impersonation.

With Domain Impersonation attackers attempt to mimic the legitimate domain names of trusted businesses to make their emails appear more legitimate. Typosquatting is a popular Domain Impersonation technique that involves legitimately purchasing web domains similar to real ones.

For  instance, to impersonate Amazon they might use:

• amaazon.com
• amazom.com
• amazon.co
• amazon.net

Brand Impersonation.

Common types of brand impersonation attack include:

Service Impersonation

This is where emails are sent which mimic the style and visual appearance of a well-known company in an attempt to harvest credentials and take over the victims account or steal personal information or bank details.

Brand hijacking

In this common form of phishing an attacker impersonate’s a company’s brand using a false (“spoofed”) domain name to make the email appear genuine. For instance, the email may show in your inbox as from “Amazon Customer Services” but the underlying email may just be a Hotmail or Gmail account.

Conversation Hijacking.

Here cybercriminals use compromised accounts to insert themselves into legitimate email conversations or start their own new ones. Conversation hijacking can be very powerful not just because the conversation appears genuine, but also because the attacker has often lain dormant within the compromised account in order to learn how better to impersonate the business and the user.

Inevitably they then move the conversation towards a payment being made, often mimicking genuine business or invoices to make the attack that more powerful.

Business Email Compromise (BEC).

In BEC attacks fraudsters impersonate an employee within an organisation in order to defraud the company and its employees, or its customer and partners. These are often targeted social-engineering attacks aimed at employees with access to the company’s finances or data, and as such often don’t include links or attachments.

Account Takeover.

Account takeover occurs when a successful cyber attack gives the hackers access to a users’ account or even admin credentials. This then allows them to harvest information on how the company does business, their email signatures, payment email designs and more. With this information they then launch additional attacks, harvesting even more information.

Account takeover attacks can be hard to spot and run unnoticed as your business is drained of information and data before spreading to your customers.

How can I improve my email security?

As you can see, there a huge number of ways in which cyber criminals could attempt to attack your business, so it’s important to have a solid defence against such threats.  Just as the criminals have several tools at their disposal, any business looking to form a solid email security defence also needs to be covering several bases;

Email gateway security

This means security that intercepts emails before they hit your mail server and scans them for malicious content. They evaluate the reputation of the domains and IP addresses the emails are coming from, scan for viruses and malware, and analyse URLs for phishing attempts.

More advanced email gateways include Advanced Threat Protection (ATP) which uses sandboxing to analyse never before seen variants (zero day threats) in a controlled environment.

Inbox Defence.

With attack methods that use accurate impersonation or legitimate email addresses, or lay dormant before attacking, email gateways alone are no longer sufficient protection.

Inbox defence integrates directly with your email environment and uses this visibility of historical email communication and an artificial intelligence (AI) to build a behaviour profile for each user. This can then be used to determine the that user’s genuine communications from ones inserted by hackers. Potentially malicious emails are removed from the inbox before the user can interact with the message.

User education.

The next security layer, after the email gateway and the inbox, is the user themselves!

Because some of the attack methods above are effectively legitimate emails seeking to act in a non-legitimate way, it is important for the safety of your business for your colleagues to be aware of how such attacks work.

Regular training and awareness sessions help you to build what can be referred to as a “human firewall”. Just like a normal firewall, your human firewall is “programmed” with regular training to spot and avoid threats.

By taking part in Cyber Summer you’ve taken the first step. Why not share these resources with your colleagues to help start the human firewall within your business?

More resources:

I now understand…

•  Some of the most common methods of email cyber attack
• How to improve email security within my business