Email continues to be one of the key attack vectors for cybercriminals. Fady Younes, Cybersecurity Director, Middle East and Africa, Cisco, tells us what the main risks are and how to mitigate these.
What are the most common problems and risks for businesses regarding email attacks?
In May 2019, over 85% of all email was spam. Email continues to be the number one vector for malware distribution and phishing, with many cybercriminals intending to exploit sensitive information and commit fraud.
Cisco’s 2019 CISO Benchmark Survey discovered that 56% of CISOs find defending against user behaviour ‘very challenging’, with security concerns being graded higher than other worries including public cloud and mobile device.
A total of 70% of CISOs polled admitted that protecting against email threats is becoming increasingly difficult, whilst 75% experienced operational impacts as a result of criminal activity.
Scams such as Office 365 phishing have enabled cybercriminals to steal sensitive data, using fake sites that mimic the online platform to trick users into giving away their details. A total of 27% of advanced email attacks are launched from compromised email accounts, up 7% from the last quarter of 2018.
The CISO Benchmark Survey also found that two thirds of Business Email Compromise (BEC) scams still use free webmail accounts, with 28% tailoring their attacks using registered domains to trick users.
Becoming increasingly sophisticated in their approach, one in five BEC emails also include the name of the targeted recipient, creating a perceived level of authenticity. The consequences of malicious emails and cybercrime affected 47% of CISOs financially, indicating the importance of education and safety when working online. In 2018 alone, there was US$1.3 billion in losses worldwide due to BEC scams.
Why is email the most appealing tool for fraudsters? And when it comes to malware in emails, what sorts of attachments and programs have attackers gravitated towards?
We are living in a hyperconnected age. A time in which we are heavily reliant on communication as a tool for managing business relations and staying up-to-date with the latest information. For this reason, fraudsters are keen to exploit such a vital method of communication, knowing that it has an extremely high usage rate. Additionally, email users are often working in fast-paced environments, where they open documents and click on links in an instant. It only takes one wrong click for a cybercriminal to exploit data.
The most common attachment types are simply the types of files which are frequently sent and received around offices on a daily basis. Microsoft Office documents and PDFs alone account for more than half of all malicious attachments, demonstrating just how easy it is to be attacked if a user does not check and scrutinise the source of the email. Cybercriminals are all too aware that if a user receives an email which appears to be of a trusted source, especially in a work context, they are likely to click on it with the intention of being efficient and maintaining positive relations.
In terms of delivery infrastructure, many cybercriminals use bulk email toolkits for mass mailing and increased chance of compromising an account. Botnets are also used to send the majority of malicious email. In recent years, Necurs has harmed a number of organisations. Deploying banking trojans and ransomware threats in batches of millions, Necurs is able to reinvent itself and avoid detection.
Another banking trojan and malware program, Emotet, steals from inboxes using a ‘RE:’ response to appear as part of a chain of messages. It injects a particular code into the user’s computer, obtaining data as a result of the simple wrong click on a document or URL. Cybercriminals are now also using Gamut, a method by which emails may appear to be from a dating website, pharmaceutical company or a job offer – all of which are built to create a sense of intrigue and entice users.
What recommendations does Cisco have for CISOs?
As alarming as the results are, organisations do not need to live in fear. They simply need to act accordingly and remain aware.
Employees will always be an organisation’s greatest defence. To prevent attacks, CISOs and IT managers can run regular phishing exercises. Not only does this reveal flaws and areas for improvement, but it also causes employees to think critically and remain aware.
Phishing assessment tool Duo Insight enables users to craft their own fake phishing scam. The exercise is aimed at highlighting vulnerable users and devices before a real scam has the chance to cause havoc. The company’s 2018 Trusted Access Report found that 62% of phishing exercises captured at least one set of user credentials. Alarmingly, half of the users tested entered their credentials into a fake website, proving the importance of education.
Multi-factor authentication should also be used to help prevent an attacker from gaining access to an account. Authentication that requires a passcode to be sent to a mobile, for instance, can help create an additional barrier and protect sensitive information from being compromised.
Crucially, software must also be kept up-to-date. Employees are always working on deadlines and may easily click ‘not now’ or ‘remind me later’ on necessary updates. However, this can go on for weeks, if not months, leaving accounts more open to risks posed by exploit sites. This is an easy, yet vital element of online safety.
It is always wise for users to be careful with login requests. Attackers go to great lengths to make their pages appear genuine, but users should check the name of the email address a request has come from. It may include a genuine website’s name, but does it have additional elements which seem unusual? When the user hovers over a URL, does it lead to a strange website? It is best to always approach emails with an eye of skepticism and question where possible.
How to protect your email
Spam defence must still be effective to keep out unwanted visitors. Defences such as malware and URL blocking are required to help defend against cybercriminals, in addition to integrated sandboxing.
Businesses need to invest in new technologies to ensure they gain an edge against criminals. This may include the use of advanced phishing protections through Machine Learning, or DMARC domain protections to protect a company’s domain and brand identity.
Message quarantine functionality is a particularly effective method by which emails can be interrogated and analysed further if a user is unsure about the reliability. Email remediation can also help if a malicious file is detected after delivery.
It is inevitable that every organisation will experience cybercrime at some point in its lifetime. It is how they prepare for it and deal with it that is most important. Companies must strike a balance between being mindful of security and business risk and facilitating smooth user experience.
By taking the right steps, businesses can remain connected and reap the benefits of online communication, hyperaware and reactive to threats with reliable security defences.