Defending your network from malicious attacks takes more than a platform’s native security features
By Troy Gill, Senior Security Analyst, AppRiver
Businesses flock to the cloud. As they do, they often forget to maintain a firm security posture and in turn expose themselves to attacks that could cripple their organization.
Take Office 365 for example. The platform has spam filtering, but users should be wary of putting all of their cyber faith in just one filter. While native filtering may be enough to keep some of the distracting and annoying barrage of spam in check, there are other areas where it may fall short.
As the bad guys are getting smarter at tricking users, phishing attacks and malicious email are getting more sophisticated and nuanced. Those who treat security as an afterthought can be exposed to problems that an innovative security company would catch. With all of the sophisticated techniques hackers are employing, users cannot rely on native filtering alone to secure them against today’s advanced phishing and malware attacks.
Ransomware is one of the many modern threats we are all faced with, and it is one that can cause major operational and financial hardships. Businesses, as well as public entities such as local and state government agencies, are being held captive by ransomware attacks with unnerving frequency. Many companies have learned that a robust backup system is no longer optional; it is a must. And with many different strains of ransomware in circulation and many more popping up on a consistent basis, organizations should take every precaution possible to prevent this threat. Because email is the most prevalent infection vector for ransomware, preventative measures should be focused there first and foremost.
The same level of attention should also be given to the web gateway as well since it is another popular attack vector. Organizations will want to be careful not to overlook the low-hanging fruit such as practicing the principle of least privilege and making sure all software and operating systems are kept up to date. These measures can help mitigate risk with ransomware and also the many other forms of malware (including file-less attacks) that abound these days.
Along with the increase in malware, we also are seeing a big increase in phishing activity. Business Email Compromise, or BEC, has become a household name because of its prevalence and, unfortunately, its success for the perpetrators.
BEC attacks started picking up in October 2015 and have been gaining steam since. Estimates place anticipated losses well into the billions in 2018. These phishing-based attacks often use very clever social engineering to dupe unsuspecting users into paying a phony invoice or making a wire transfer at the request of the attacker masquerading as a company executive. The wealth of information about company employees available online (through websites and social media) has given the attackers a larger toolset to be able to craft these attacks in a much more personalized and convincing manner.
These types of attacks routinely net the attacker anywhere from tens of thousands to hundreds of thousands of dollars per attack. While some companies have been lucky enough to realize what happened in time to contact their bank and claw back the funds, that is often NOT the case, and the losses can be quite devastating. Everyone should take extra precautions with wire transfer payment practices and institute two-factor authentication as a matter of policy. And, of course, make sure that your email security provider has taken specific proactive measures to combat these types of attacks.
Another disturbing trend in 2018 has been the continued rise of attacks being launched from legitimate but compromised email accounts.
A popular type of attack that we have been seeing with increased frequency is the Conversation Hijacking Attack, or CHA. This begins with the attackers gathering login credentials for whatever email providers they can – Office 365, Gmail and Yahoo are all frequent targets. Once the attackers have access to the user’s email account, they reply to a prior, ongoing email conversation and add the malware file of their choice.
The attacker usually includes some vague language such as: “Can you review this document?” – the malware attached is most often in the form of a macro-embedded Word document. To the recipient being targeted, the message comes quite naturally, as they were just having a back-and-forth exchange with an individual they likely know and trust. Though most users know they should be highly skeptical of an attachment in an unsolicited email, this scenario looks to disarm the “user awareness” aspect of security. What’s more, these attacks can be launched against contacts within the same domain, which could have equally devastating results.
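A defender-side check for the pattern just described, written as an added example (not AppRiver's product or code): it flags a message that is threaded onto an existing conversation, carries a macro-capable Office attachment, and uses short, content-free lure text. The header names are standard; the extension list, lure pattern and sample message are constructed for this example.

```python
import re
from email.message import EmailMessage

# Office formats that can carry VBA macros (constructed list; tune to your environment).
MACRO_CAPABLE = {".doc", ".dot", ".docm", ".dotm", ".xls", ".xlsm", ".pptm"}
# Short, content-free lure wording of the kind quoted above (constructed pattern).
VAGUE_LURE = re.compile(r"\b(review|look at|see)\b.*\b(document|attached|attachment)\b", re.I)


def is_reply(msg: EmailMessage) -> bool:
    """True when the message is threaded onto an earlier conversation."""
    threaded = bool(msg.get("In-Reply-To") or msg.get("References"))
    return threaded or msg.get("Subject", "").lower().startswith("re:")


def macro_attachments(msg: EmailMessage) -> list[str]:
    """Filenames of attachments whose format can embed macros."""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    return [n for n in names if any(n.endswith(ext) for ext in MACRO_CAPABLE)]


def cha_indicators(msg: EmailMessage) -> list[str]:
    """Reasons a message looks like a conversation-hijacking lure (empty if none)."""
    macros = macro_attachments(msg)
    if not macros:
        return []  # no macro carrier, so not this delivery pattern
    reasons = [f"macro-capable attachment: {', '.join(macros)}"]
    if is_reply(msg):
        reasons.append("injected into an existing thread (reply headers present)")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if len(text.split()) <= 15 and VAGUE_LURE.search(text):
        reasons.append("short, content-free lure text")
    return reasons


def build_sample() -> EmailMessage:
    """Constructed sample: a reply in an existing thread carrying a .docm file."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Re: Q3 vendor contract"
    msg["In-Reply-To"] = "<earlier-thread@example.com>"
    msg.set_content("Can you review this document?")
    msg.add_attachment(b"placeholder bytes, not a real document", maintype="application",
                       subtype="vnd.ms-word.document.macroenabled.12",
                       filename="contract_update.docm")
    return msg


if __name__ == "__main__":
    for reason in cha_indicators(build_sample()):
        print("-", reason)
```

A message that trips all three indicators is a candidate for quarantine or for out-of-band confirmation with the apparent sender, since the trusted thread context is exactly what the attack relies on.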
In today’s age of targeted attacks, one thing is certain — these attacks are here to stay and will present even more of a threat going forward.
The threat landscape is in a state of constant transformation. Make sure that your security providers are paying attention around the clock and adapting quickly to the ever-changing threats. For sure, attackers will continue to find more innovative and rewarding ways to make quick and sizeable profits – just don’t let it be at the expense of your organization.
About the Author
Troy is primarily responsible for evaluating security controls and identifying potential risks.
He provides advice, research support, project management services, and information security expertise to assist in designing security solutions for new and existing applications.