It’s hard to over-estimate how fundamental email threats have become as a route for attacking enterprises. While there are numerous ways for attackers to target organisations – vulnerable applications, compromised credentials, poorly-secured infrastructure – email is always a common denominator. An attacker that doesn’t try email is probably not one you should really worry about. Cloud email infrastructure such as Office 365 Exchange and Google’s G Suite is no different from on-premise email servers in this regard, with Microsoft’s own figures showing a 600% increase in malware incidents recorded on the platform during 2016 alone.
While the attacks and threats being designed and put into action within the cloud environment are varied, they can usually be divided into overlapping categories. Most begin with the simple ‘spam’ email; these emails tend to be harmless, but they can clog email gateways and employee inboxes. From there the scale moves up to more serious, albeit still generic, threats such as ransomware or phishing attacks that harness social engineering tactics.
For enterprises, however, the most dangerous and fastest growing category is the set of attacks designed specifically to target employees, business processes and supply chains. The five most prevalent attack types that fit this category include:
Spear phishing and credential theft: Spear phishing is an email crafted for a specific individual, company or business. These emails are often intended to steal data, but they can also allow nefarious actors to install malware on a victim’s computer. Spear phishing uses clever tactics to customise messages so that they appear relevant to the recipient, and once the unsuspecting victim opens or interacts with an email they thought was safe, criminals can get their hands on the data they need.
Whaling: Whaling attacks resemble spear phishing, but the two should not be confused. Whaling only targets employees perceived to be ‘high value’: for instance the CEO, CFO and other VIPs within an organisation. These individuals tend to have access to sensitive information such as employee or customer data, as well as the power to control large balances in banking and securities accounts, which makes them more appealing targets for criminals. A successful whaling attack can give nefarious actors access to passwords and other important account details, which can in turn open up corporate hard drives, networks and even bank accounts. Some whaling campaigns even go after secret military and other government information.
Ransomware: Ransomware has been a prevalent cybersecurity threat since 2005; however, events over the last 3 years have proven that the threat is increasing not only in frequency but also in complexity. Many see ransomware as the biggest threat facing organisations today. Ransomware now needs only a single victim to gain a foothold on a network, from where it can spread and potentially bring an organisation to a standstill.
Business Email Compromise (BEC): A BEC attack is highly targeted and designed to conduct financial fraud. Criminals often impersonate a co-worker or trusted third party in order to compromise an email system from within. What makes BEC attacks even harder to spot is that, in most instances, there is no payload: no attachment and no malicious link. Instead, they rely on intent and urgency, imploring the victim to act quickly.
Whilst the attack types used in the cloud environment can be categorised in this way, it is important to note that attackers can combine methods and use several of them in a single campaign. Cybercriminals (and defenders) are all too aware of how lucrative phishing can be, and so attackers are willing to dedicate time and resources to researching victims and planning attacks over months. It can be argued that each successful attack is simply the prelude to the next one.
When using cloud email infrastructure, it is imperative for organisations to understand how they can stay safe.
To significantly reduce the risk of today’s advanced phishing attacks, next-generation email security must provide a three-pronged strategy: technical controls, end-user controls, and process automation that continuously monitors and responds.
Technical controls block as many phishing threats as possible; end-user controls improve detection in the mailbox itself while also encouraging users to become an active part of the defence strategy.
A system that uses machine learning can automatically find the malicious emails that were sophisticated enough to bypass traditional cloud email security and land in inboxes. Such a system studies every employee’s inbox and learns their normal communication habits, so that anomalies can be detected through user behavioural analysis. Suspicious emails are then visually flagged the moment they hit an inbox, and a quick button in the Outlook or Gmail toolbar lets the user notify the SOC team instantly, triggering security tools for further investigation and immediate remediation. This ‘virtual’ security team member reduces the risk of human error in identifying malicious emails and gives organisations a mailbox-level defence covering both protection and remediation.
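To make the mailbox-level behavioural analysis above, and the payload-free BEC pattern described earlier, concrete, here is an added example that is not part of the original article and not any vendor’s product: a toy scorer that compares an incoming message against a constructed history of who normally writes to a mailbox and flags a known display name arriving from an unfamiliar address, first-time senders, urgency and payment language, and the absence of any link or attachment. The sender history, display names, word lists and threshold are all assumptions chosen for illustration.

```python
"""Toy mailbox-level anomaly scoring for BEC-style emails (illustrative, not a product)."""
import re
from collections import Counter

# Constructed history for one mailbox: sender address -> number of prior messages seen.
# A real system would learn this from the mailbox, as the article describes.
HISTORY = Counter({
    "jane.doe@example.com": 120,      # the CFO, writes to this mailbox often
    "finance@example.com": 40,
    "vendor@supplier.example": 8,
})
# Display names the mailbox has previously seen for each known address (constructed).
DISPLAY_NAMES = {
    "jane.doe@example.com": "Jane Doe",
    "finance@example.com": "Finance Team",
    "vendor@supplier.example": "Supplier Ltd",
}
URGENCY = re.compile(r"\b(urgent(?:ly)?|immediately|asap|right away|before (?:end of day|eod))\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|invoice|bank details|gift cards?)\b", re.I)

def score_message(msg, history=HISTORY, names=DISPLAY_NAMES):
    """Score one message dict (keys: name, addr, subject, body, optional attachments).
    Returns (score, reasons); higher means more suspicious."""
    score, reasons = 0, []
    addr = msg["addr"].lower()
    # Addresses this mailbox has previously seen using the same display name
    known_for_name = {a for a, n in names.items() if n.lower() == msg["name"].lower()}
    if known_for_name and addr not in known_for_name:
        score += 3; reasons.append("known display name but unfamiliar address")
    if history[addr] == 0:
        score += 1; reasons.append("first message ever from this address")
    text = msg["subject"] + " " + msg["body"]
    if URGENCY.search(text):
        score += 1; reasons.append("urgency language")
    if PAYMENT.search(text):
        score += 1; reasons.append("payment or transfer request")
    # BEC usually carries no payload: a pushy request with nothing to scan is itself a signal
    if score >= 2 and not msg.get("attachments") and not re.search(r"https?://", text):
        score += 1; reasons.append("no link or attachment alongside a suspicious request")
    return score, reasons

def flag(msg, threshold=4):
    """Return (flagged, score, reasons) for the visual flag / SOC notification decision."""
    score, reasons = score_message(msg)
    return score >= threshold, score, reasons

# Constructed sample messages: one routine, one display-name impersonation with urgency.
SAMPLES = [
    {"name": "Jane Doe", "addr": "jane.doe@example.com", "subject": "Q3 budget",
     "body": "Please review the attached deck.", "attachments": ["deck.pptx"]},
    {"name": "Jane Doe", "addr": "jane.doe@mail-example.test", "subject": "Urgent",
     "body": "I'm in a meeting, I need you to wire a payment today. Send bank details asap."},
]
```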
With the threat that nefarious emails pose to organisations growing not only in prevalence but also in complexity, the time to act is now. Phishing will continue to dominate the threat landscape, and the consequences one email can unleash upon a business can be devastating: ransomware and BEC can bring huge financial and revenue losses, and the reputational damage can be difficult for even the most established brand to bounce back from. Organisations should work to address the gaps in their email security in order to stay one step ahead of the bad guys.