There was a time 20 or so years ago that email security was fairly straightforward – make sure you have anti-virus software running and remind your users to not click links they don't recognise. While that remains good advice, email has become a mission-critical application and remains a major target for spear phishers, social engineering and the introduction of malware. It's often the first line of attack for those trying to breach a network.
According to studies from the email marketing site DMR Digital Stats and Gadgets, worldwide some 205 billion emails are sent daily by 4.3 billion users. Office workers receive on average 121 emails per day with 42 percent of emails opened on mobile devices and 55.2 percent opened on desktop computers. But not every email message is safe; the site also reports that 2.3 percent of emails include malicious attachments. So of those 121 emails each office worker gets per day, 2.8 of those emails will carry a malicious payload. These statistics show clearly that despite the rise in the use of social media, email continues to be the core communications tool for businesses.
Today's email attackers have very sophisticated tools at their disposal. Using various social media sites, attackers today can identify high-value targets and calculate if those targets or their direct managers are traveling or involved in a project of interest to the attacker.
Unfortunately, according to Verizon's “2015 Data Breach Investigations Report,” users still haven't learned their lessons about opening potentially malicious emails. The study says 23 percent of recipients now open phishing messages and 11 percent click on the attachments. This is not good news, but it also is not necessarily surprising.
Using spoofed return email addresses or information gleaned from social media sites, it is relatively easy for attackers to create authentic-looking messages that could cause an employee to disclose confidential data or click on an infected link. For example, what CFO would decline to open a spreadsheet from the CEO titled Merger Financials? And would an HR manager ignore an email apparently from the corporate counsel that asks for personal data about an employee who is “under investigation?”
Email security applications, such as PineApp's Mail-SeCure Solution Modules, can provide advanced email security appropriate to small- to mid-sized businesses, enterprises, managed services providers and telcos. Multilayer anti-spam modules, combined with perimeter-level security provide high levels of detection rates for malicious email – even before it enters the corporate network. While email-borne attacks have improved, email security applications also are much more sophisticated and continuously evolving, while also providing functionality for such business requirements as large file transfer, encryption, archiving and the like. Customers now have a single, point solution and are not spread thin amongst many different applications and vendors. PineApp's latest release is recognition that the pressure on businesses across geography and different applications makes them vulnerable but there are solutions to address that vulnerability.
Advanced management and auditing with smart and efficient policy enforcements help the IT department identify potential malicious email and allow the emails to be stopped before they arrive at the target mailbox. The goal of advanced email security is to stop malicious emails before they arrive at the targeted victim. A user cannot click on a malicious link if the email never reaches them.
While some of today's email attacks target users with sophisticated intrusions, another important aspect of next-generation email security is identifying and stopping the less sophisticated attacks, such as simply confusing the potential recipient. For example, consider the sales manager who uses Salesforce.com as their sales force automation and customer resource management application. Let's assume this sales manager gets an email recommending that they update their software from a domain called salesforce.update. Might the sales manager be tricked into believing that this is a valid update and not a spear phishing attack designed to download malware onto their server? They might.
With the explosion of generic Top Level Domains (gTLDs) — such as .update, .online, .work, .space and .site, along with thousands more — it is becoming much easier for a potential attacker to create valid-sounding sites using highly recognisable but nonetheless inauthentic domain names.
In cases where malicious emails are identified, advanced digital forensics can help identify where the attacking emails were created. Even sophisticated attackers can leave digital fingerprints that can be found, identified and used by police agencies to trace an attacker back to the source, but often this can only be done using forensics technology. What once was the purview of private investigators and the proverbial crime scene investigators – think CSI – can now be done within email security software.
The key is leveraging deep inspection with network scanning. Such tools can identify abnormal behaviour on the network, along with near real-time detection and prevention of attacks – such as remote execution on the domain controller, Skelton Key malware, honey token activity and more. Often these types of attacks originate in email-based malware.
Email attacks are ubiquitous. It is not possible to stop every attack because sometimes users will open messages even if they are marked as potential spam. That's what happened at RSA several years ago – a message in an employee's junk mail folder was nonetheless opened. Consequently, RSA suffered a serious breach due to user error. Imagine if that email message had not ever made it to the user's email account – it would not have ended up in a spam folder and been available for the employee to open.
The latest generation of email security tools stop attacks by keeping users from even seeing the potentially malicious message. A simple rule of thumb: You can't click on malicious email links if you never see the infected message. What's that worth?
Mr. David Feldman has been CEO of PineApp since March 2015 after previously holding several strategic management roles within the company since 2004. Since assuming the CEO position David has been instrumental in reinvigorating and expanding PineApp's technology offering and establishing new priorities for the development of future Cyber-Security Solutions. PineApp's next generation of solutions will build on nearly two decades of network security experience, and enable small and mid-sized organisations to effectively monitor and counter the evolving threat landscape through a combination of SIEM, Network Forensics and Proactive Threat Mitigation.