Email-Borne Threats Still Bypass Current Security System, Study Shows
Despite the advancement in current email security systems, a new study reveals that these security systems still miss a significant number of email-borne threats.
In the 3rd quarter of 2018, Mimecast retested 80 million emails that were considered “safe” by current email security systems. The Mimecast study found that out of the 80 million emails deemed to be “safe”, 42,350 emails were found to be impersonation attacks, 17,403 contained malicious software (malware) attachments, 16,581 emails contained dangerous file types and 205,363 malicious URLs were found.
Impersonation attacks refer to emails that attempt to impersonate a trusted individual or company in order to gain access to corporate finances or data.
Dangerous files, meanwhile, refer to files such as .jsp, .exe, .dll and .src – files that allow a program to run on a computer, exposing the computer to further cyber attacks. According to Mimecast, dangerous files bypassed current email security systems at an increased rate, showing a 25% increase from the last quarterly test.
How Prevalent Are Email-Borne Threats?
In the first half of 2018, over half-a-billion emails were analyzed by FireEye. It found that less than a third or 32% of email traffic was considered “clean” and delivered to an inbox. FireEye’s analysis found that 1 in every 101 emails had malicious intent.
FireEye further found that the majority, or 90%, of the blocked emails contained no malware. Of these, 81% were considered phishing attacks and 19% were considered impersonation attacks.
Cyber criminals see the advantages of leveraging emails as a means to wage cyber-attacks as emails continue to be the preferred form of communication worldwide despite the growth of other technologies such as social networking, instant messaging and chat. Email also maintains its dominance as it’s an integral part of the overall internet experience. An email address is required if you want to use a social networking site or for your bank’s online service.
According to The Radicati Group (PDF), over half of the world population uses email in 2018, with the number of worldwide email users expected to top 3.8 billion in 2018 and expected to grow to over 4.2 billion by the end of 2022.
The following trends in email-borne threats were observed by FireEye and The Radicati Group:
The most common form of email-borne threat is the blended attack, a form of attack that combines email and web access to deliver malware to an organization’s internal network. In a blended attack, the email itself doesn’t contain malware. The email only facilitates the delivery of the malware: it contains a link that, when clicked, goes directly to a malicious website, and from there the malware is downloaded and infects the organization’s internal network.
Impersonation Attacks Have Gone Mainstream
The cyber-attack called “business email compromise”, also known as BEC or CEO fraud, is an example of an impersonation attack.
In an impersonation or BEC attack, one or more attackers send a bogus email, purportedly from the CEO, to a targeted employee, typically one who has access to company finances. Through the bogus email, the attackers ask the targeted employee to make an urgent money transfer, usually to a trusted vendor’s new bank account.
Many for-profit and nonprofit organizations have been duped by BEC scammers in recent years. According to the Federal Bureau of Investigation (FBI), BEC scammers, between October 2013 and May 2018, defrauded different organizations worldwide of almost $12.5 million.
Email Attack Schedule
Malware-based attacks most likely occur on Mondays and Wednesdays. Malware-less attacks most likely happen on Thursdays. Impersonation attacks, meanwhile, most likely occur on Fridays.
One example of the malware-less email is the impersonation email, an email that spoofs domains or uses lookalike domains. Another example of a malware-less malicious email is the blended email, whereby the email contains a link to a malicious URL. An additional example of a malware-less malicious email is one that contains a dangerous file such as an .exe file.
One explanation for why impersonation emails are sent on Fridays is that impersonation emails typically are bogus emails from an organization’s CEO. On Fridays, especially late Friday afternoon, it’s typically difficult to call or talk in person with the boss, a situation scammers favor because it buys them time to trick a targeted employee.
How to Prevent Email Attacks?
Here are some security measures to block or detect email-borne threats:
In an email-based attack, it only takes one click to infect your organization’s internal network. And your weakest link for this particular type of cyber-attack is your staff. Staff training isn’t just a one-shot deal. It needs to be continuous as well as effective.
It’s particularly important to train executives and employees dealing with finances to be vigilant against email-borne threats as they’re targeted by criminals, especially in BEC attacks. One way to train your organization's staff is by sending test emails to check their resilience against email-borne threats.
Use Advanced Email Security Tools
Traditional email security tools only block emails that contain malware. An advanced email security tool, in addition to blocking emails laden with malware, blocks malicious emails that use spoofed domains or lookalike domains, emails containing malicious URLs and emails containing dangerous files.
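The malware-less checks described above (lookalike sender domains, links to outside hosts, dangerous file types) can be sketched as a small triage function. This is an added example, not code from the original article or from any vendor's product; `example.com` as the trusted domain, the edit-distance threshold of 2 and the finding names are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example.com"}                        # assumption: the organization's domain
DANGEROUS_EXT = (".jsp", ".exe", ".dll", ".src")  # file types named in the article

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def trusted(host):
    return host in TRUSTED or host.endswith(tuple("." + t for t in TRUSTED))

def triage(raw):
    """Return sorted findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = set()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not trusted(domain) and any(edit_distance(domain, t) <= 2 for t in TRUSTED):
        findings.add("lookalike-sender-domain")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(DANGEROUS_EXT):
            findings.add("dangerous-file-type")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s<>\"]+", body):
                if not trusted((urlparse(url).hostname or "").lower()):
                    findings.add("untrusted-link")  # candidate for a URL reputation check
    return sorted(findings)

def sample():
    """Constructed message: lookalike sender, outside link, .exe attachment."""
    m = EmailMessage()
    m["From"] = '"CEO" <ceo@examp1e.com>'
    m["To"] = "finance@example.com"
    m.set_content("Please pay via http://payments.invalid/invoice today.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.exe")
    return m.as_string()
```

Calling `triage(sample())` reports all three findings; a message from a trusted sender that links only to trusted hosts returns an empty list.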
Contact us today if you need assistance in protecting your organization’s network from email-borne threats.
Steve E. Driz, I.S.P., ITCP