There's a question all organizations need to ask when it comes to email attacks: do their employees know how to distinguish a legitimate message from an email threat? Some companies are able to invest heavily in security architecture, but many are not. A comment from Dr. Klaus Gheri, General Manager Network Security at Barracuda.
However, in every company there is one point of entry that remains constant: the end users. These are among the most popular targets for cybercriminals, as they are usually the weakest link in the security chain. Therefore, it is essential for companies of all sizes to educate their employees fully about the various security threats, particularly malicious email and social engineering. Below are the top 3 email threats that are the most difficult for users to detect.
Business email compromise
Identity theft with phishing emails
Cyber criminals pretend to be someone within a company or someone with close ties to it. Typically, these emails are designed to appear as if they came from a private email account and contain an urgent request intended to trick the victim into handing over money, login credentials, or other sensitive information. Cyber criminals often add a note that the message was sent from a mobile device, which makes the recipient less suspicious of typos or unusual formatting. Victims often do not know the legitimate private email addresses of their colleagues or supervisors, and if the name in the header and signature looks correct, they rarely ask questions.
Conversation hijacking
Hackers tap into an email conversation
This type of attack occurs after cyber criminals have already gained access to an internal account. They hook into a legitimate conversation thread by setting up a similar-looking domain and removing the compromised party from the conversation, narrowing the email thread to the hacker and their new victim. The victim has already established a relationship with the legitimate correspondent - this may be someone they email regularly, perhaps even someone they have spoken to on the phone or met in person. Sometimes the only clue is a very subtle difference in the email address or domain of the compromised party. If the recipient of the malicious email is using a mobile device, is distracted, or does not verify the sender's address, they can easily fall victim to this type of attack.
Brand impersonation
There are two types of brand impersonation: service impersonation and brand hijacking. In service impersonation, a hacker impersonates a commonly used application to trick users into re-entering credentials or other personal information. In brand hijacking, a hacker uses a fake domain to pose as a legitimate company. Users have become accustomed to receiving legitimate emails from applications asking them to re-enter their credentials. Requests from Microsoft 365, Amazon, and Apple asking users to verify their identity, reset their passwords, or agree to new terms of service are commonplace in many users' inboxes, so most don't think twice before clicking links, which ultimately lead them to phishing sites.
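Both conversation hijacking and brand hijacking, as described above, rely on a sender domain that differs from a trusted one by only a character or two. The following is an added example, not Barracuda code, of how a mail gateway or a mailbox rule could flag such look-alike domains against a list of known correspondent and brand domains. The known-domain list, the confusable-character table and the sample addresses are constructed for illustration; the thresholds are assumptions a deployment would tune.

```python
"""
Classify an inbound From: address as "known", "lookalike" or "unknown" relative
to a list of trusted domains. Look-alike signals checked: homoglyph/character
substitution (rn -> m, 1 -> l, ...), short edit-distance typosquats, the same
name under a different TLD, an added hyphenated token (brand-support.com) and a
trusted name reused as a subdomain of an unrelated domain.
"""
from email.utils import parseaddr

# Constructed list of trusted correspondent / brand domains (assumption).
KNOWN_DOMAINS = {"barracuda.com", "example-partner.com", "microsoft.com"}

# ASCII confusables. Multi-character pairs are collapsed first so that "rn"
# becomes "m" before single characters are mapped. Constructed table.
MULTI = [("rn", "m"), ("vv", "w"), ("cl", "d")]
SINGLE = str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l", "3": "e", "5": "s"})


def canonical(label: str) -> str:
    """Map a domain label to a canonical form in which confusables collide."""
    for pair, repl in MULTI:
        label = label.replace(pair, repl)
    return label.translate(SINGLE)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (dynamic programming, O(len(a)*len(b)))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, known=KNOWN_DOMAINS):
    """Return (verdict, matched_known_domain_or_None, reason)."""
    _name, addr = parseaddr(from_header)
    _local, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        return ("unknown", None, "no parsable address")
    domain = domain.lower().rstrip(".")

    # Exact match or subdomain of a trusted domain: nothing to flag here.
    for k in sorted(known):
        if domain == k or domain.endswith("." + k):
            return ("known", k, "exact domain match")

    # Non-ASCII letters in a domain that should be ASCII are a strong signal
    # (IDN homographs); flag before any further comparison.
    if any(ord(c) > 127 for c in domain):
        return ("lookalike", None, "non-ASCII characters in domain")

    labels = domain.split(".")
    base, tld = (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

    for k in sorted(known):
        klabels = k.split(".")
        kbase, ktld = (klabels[-2], klabels[-1]) if len(klabels) >= 2 else (klabels[0], "")
        # brand.com.attacker-host.net: trusted name buried as a subdomain.
        if kbase in labels[:-2]:
            return ("lookalike", k, "trusted name used as a subdomain of another domain")
        if base == kbase and tld != ktld:
            return ("lookalike", k, f"same name under a different TLD .{tld}")
        if base != kbase and canonical(base) == canonical(kbase):
            return ("lookalike", k, "character substitution (homoglyph)")
        # Allow one edit for short names, two for longer ones (assumed thresholds).
        if edit_distance(base, kbase) <= (1 if len(kbase) < 8 else 2):
            return ("lookalike", k, "typosquat within edit distance")
        if base != kbase and kbase in base.split("-"):
            return ("lookalike", k, "trusted name with an extra hyphenated token")

    return ("unknown", None, "no relation to trusted domains")


if __name__ == "__main__":
    # Constructed sample headers, including one with a Cyrillic 'a' (U+0430).
    for hdr in ("Alice <alice@barracuda.com>", "it@rnicrosoft.com", "x@barracuda.co",
                "x@barracuda-support.com", "x@barracuda.com.secure-login.net",
                "x@b\u0430rracuda.com", "x@gmail.com"):
        print(hdr, "->", classify_sender(hdr))
```

A "lookalike" verdict is a reason to hold the message for review or to warn the recipient, not proof of an attack; a "known" verdict says nothing about whether the trusted account itself has been compromised, which is the account-takeover case the page covers separately.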
How companies can protect themselves against email threats
Employee training and security awareness training: Where technical security controls are not sufficient, it is up to the user whether an email attack succeeds. Users should therefore receive in-depth training on the most common types of email threats: how they work, how to identify them, and how to report them. Companies should also give their users hands-on practice in responding safely. Security awareness training technology enables organizations to test their users, analyze user behavior patterns, and educate individuals and departments on security best practices. Using threat intelligence collected by an email protection solution, this software lets organizations expose their employees to realistic attacks, but without the risk of data breach, brand damage, and financial loss.
Email Protection Solution: Cyber criminals are able to bypass email gateways and spam filters. That's why it's important to deploy an email security solution that detects and protects against spear phishing attacks, including brand impersonation, business email compromise, and account takeover. Also, the solution shouldn't just rely on looking for malicious links or attachments. A technology that uses machine learning to analyze normal communication patterns within the organization can detect anomalies that could indicate an attack.
Protection against account takeover: Some of the most damaging and persuasive spear phishing attacks are sent from compromised internal accounts. Therefore, security technology should be deployed that uses artificial intelligence to detect when accounts have been compromised and is able to take remedial action in real time by warning users and removing malicious emails sent from compromised accounts.
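The email protection and account-takeover passages above both come down to learning what normal communication looks like for each account and acting on deviations. The following added example, which is not Barracuda's product logic, shows the simplest form of that idea: build a per-account baseline from a constructed outbound message log, then flag an internal account whose current-day behaviour departs from it and return the message ids a remediation step would recall. The log, the internal domain and the thresholds are all constructed assumptions.

```python
"""
Baseline-and-deviation detection for a compromised internal mail account.
Profile: per sender, the set of recipient domains seen and the busiest day.
Anomaly: many never-before-seen external recipient domains, or a volume far
above the baseline daily maximum. Findings carry the message ids to recall.
"""
from collections import Counter, defaultdict

INTERNAL_DOMAIN = "example.com"  # constructed

# Constructed baseline log: ten quiet days for two internal accounts.
BASELINE = []
for day in range(1, 11):
    for rcpt in ("bob@example.com", "partner@example-partner.com", "vendor@example-vendor.com"):
        BASELINE.append({"id": f"b{day}-{rcpt}", "from": "alice@example.com", "to": rcpt,
                         "date": f"2024-05-{day:02d}", "subject": "Project update"})
    BASELINE.append({"id": f"bob{day}", "from": "bob@example.com", "to": "alice@example.com",
                     "date": f"2024-05-{day:02d}", "subject": "Re: Project update"})

# Constructed current-day log: alice's account suddenly mails twelve new
# external domains with an identical lure subject; bob behaves as usual.
TODAY = [{"id": f"t{i}", "from": "alice@example.com", "to": f"contact@customer-{i}.example",
          "date": "2024-05-11", "subject": "Updated invoice"} for i in range(12)]
TODAY.append({"id": "t-bob", "from": "bob@example.com", "to": "alice@example.com",
              "date": "2024-05-11", "subject": "Re: Project update"})


def recipient_domain(address: str) -> str:
    return address.rpartition("@")[2].lower()


def build_profile(events):
    """Per sender: recipient domains seen and the maximum messages on one day."""
    domains = defaultdict(set)
    per_day = defaultdict(Counter)
    for e in events:
        domains[e["from"]].add(recipient_domain(e["to"]))
        per_day[e["from"]][e["date"]] += 1
    return {s: {"domains": domains[s], "daily_max": max(per_day[s].values())}
            for s in domains}


def detect_anomalies(profile, events, new_domain_threshold=3, volume_factor=3):
    """Return a list of findings; each names the account, the reasons, and the
    message ids that a remediation step would pull back from recipients.
    Thresholds are assumed values, not derived from any product."""
    by_sender = defaultdict(list)
    for e in events:
        by_sender[e["from"]].append(e)

    findings = []
    for sender, evs in by_sender.items():
        p = profile.get(sender)
        reasons = []
        if p is None:
            reasons.append("no baseline for this account")
        else:
            seen_today = {recipient_domain(e["to"]) for e in evs}
            new_external = seen_today - p["domains"] - {INTERNAL_DOMAIN}
            if len(new_external) >= new_domain_threshold:
                reasons.append(f"{len(new_external)} never-before-seen external domains")
            if len(evs) > volume_factor * p["daily_max"]:
                reasons.append(f"{len(evs)} messages vs baseline daily max {p['daily_max']}")
            subjects = Counter(e["subject"] for e in evs)
            if len(evs) >= 5 and subjects.most_common(1)[0][1] == len(evs):
                reasons.append("identical subject on every message")
        if reasons:
            findings.append({"account": sender, "reasons": reasons,
                             "message_ids": [e["id"] for e in evs]})
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(build_profile(BASELINE), TODAY):
        print(f["account"], "->", "; ".join(f["reasons"]))
        print("  recall:", ", ".join(f["message_ids"]))
```

The identical-subject check only fires on accounts that already send at least five messages that day, so a one-off reply never trips it; in production the baseline window would roll forward and the recall step would hand the message ids to the mail platform's retraction API rather than print them.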
Email attacks are still one of the top threats to corporate security, as cybercriminals use sophisticated social engineering tactics to target end users. With the above measures, however, companies can adequately defend themselves against the flood of these attacks and significantly reduce the risk of a security breach.
More at Barracuda.com
About Barracuda Networks: Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150,000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.