The total number of emails sent and received daily worldwide exceeds 281 billion and is forecast to grow to over 333 billion by 2022. Cyber-criminals have taken advantage of this era of email and turned it into the number one attack vector used to breach enterprises, infiltrate networks, hijack devices and extort money or sensitive data.
Email attachments, in particular, are used by attackers to inject malware into an organization to create the beachhead that facilitates the rest of the attack. With employees opening hundreds of emails every day, it’s akin to an ongoing game of Russian Roulette within the organization.
Protecting against email threats remains a key concern for organizations of all sizes across the world. However, despite the availability of tools and technologies such as email encryption, sandboxing and artificial intelligence, headlines have been dominated by news of email-borne attacks.
Those threats are not only dominating cyberspace but are also getting smarter. Last month, a Virginia bank’s email systems suffered a series of phishing attacks, which took phishing techniques a step further by embedding a malicious Office file inside a different attachment to bypass traditional security solutions as well as sandboxes.
Therefore the email vector still carries significant risk of transferring malicious components into the organization. To avoid becoming the next victim, organizations need to understand how today’s attacks work and how to prevent or mitigate potential incidents.
The growing threat of content-borne attacks
According to research by Verizon, email continues to be the most common threat vector (96%) used by cyber-criminals to carry out attacks against organizations across various industries. These email-borne attacks have evolved from nuisance spam campaigns into highly sophisticated spear-phishing threats with obvious intentions – such as ransomware, or creative malware designed to infiltrate an organization’s network and then evade detection to carry out the attackers’ illicit activities, including data breaches or exfiltrating sensitive information.
The danger of those attacks is that they’re carried into organizations through everyday applications used to view or edit content, including Office Word, PowerPoint, Dropbox and Google Drive. These applications receive legitimate input from outside the organization, for instance loan applications or tax returns, and are used by businesses across various industries and by employees at any level.
For example, an attacker could send a normal-looking PDF file attached to a plausible CV application email to an organization’s HR department that would bypass security checks; however, the file is only masquerading as legitimate and, in fact, could contain a form of malware able to infect the user’s machine and even the entire network.
The nature of those threats allows them to remain unnoticed and often unknown to security teams, leaving organizations exposed to significant risk. As cyber-attackers continue to reveal new levels of ambition in recent years, organizations should make securing their communication channels a top priority.
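The two patterns described above, an attachment whose content does not match its name and an Office file embedded inside another attachment, can be checked structurally before delivery. The following Python sketch is an added example, not code from the article or any vendor; the function names, the size and depth limits and the sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container header
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", OLE: "ole"}
OFFICE = {".docx": "zip", ".xlsx": "zip", ".pptx": "zip", ".doc": "ole", ".xls": "ole", ".ppt": "ole"}
EXPECTED = {".pdf": "pdf", ".zip": "zip", **OFFICE}

def sniff(data):
    """Classify content by its leading bytes, ignoring the claimed name and MIME type."""
    return next((k for m, k in MAGIC.items() if data.startswith(m)), "unknown")

def inspect_attachment(name, data, depth=0, max_depth=3, max_size=10_000_000):
    """Return findings for one attachment, descending into ZIP-based containers."""
    findings, kind = [], sniff(data)
    ext = os.path.splitext(name.rsplit("!", 1)[-1])[1].lower()
    if ext in EXPECTED and EXPECTED[ext] != kind:
        findings.append(f"{name}: extension {ext} but content is {kind}")
    if depth > 0 and (kind == "ole" or ext in OFFICE):
        findings.append(f"{name}: Office file nested at depth {depth}")
    if kind == "zip" and depth < max_depth:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir() and info.file_size <= max_size:  # cap declared size
                        findings += inspect_attachment(f"{name}!{info.filename}", zf.read(info),
                                                       depth + 1, max_depth, max_size)
        except (zipfile.BadZipFile, RuntimeError):   # RuntimeError: encrypted member
            findings.append(f"{name}: archive could not be read (malformed or encrypted)")
    return findings

def scan_message(raw):
    """Inspect every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        out += inspect_attachment(part.get_filename() or "unnamed", part.get_payload(decode=True) or b"")
    return out

def build_sample():  # constructed message: a ZIP named resume.pdf wrapping a legacy .doc
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.doc", OLE + b"\x00" * 32)
    msg = EmailMessage()
    msg.set_content("Please find my CV attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="pdf", filename="resume.pdf")
    return msg.as_bytes()
```

Running `scan_message(build_sample())` reports both the type mismatch and the nested Office file. A check like this only surfaces structural anomalies for quarantine or review; it does not decide whether the inner document is malicious.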
You can’t protect what you can’t see
The majority of security teams today rely on defense technologies based on knowledge of past attacks, which analyze their behaviors, symptoms and common attack methods. As the threat landscape is constantly evolving, it can be hard to keep up with the latest attack techniques.
However, there is a common thread to all email-borne attacks: they all rely on tricking standard business applications into running the attacker’s code instead of the legitimate application code. For example, when a user opens a document in MS Word sent to them via email by a colleague, s/he is unaware that the file secretly carries malicious code.
This code could execute a malware attack, ransomware or any other malicious activity straight away on the user’s device, or stay on the system under the radar for future activation.
To make sure any execution of malicious code is detected and stopped before penetrating the organization, security teams need to embrace a more proactive approach to identifying and eliminating email-based threats.
Best Practices
Cyber-criminals are stepping up their game and are constantly on the lookout for new ways to circumvent security measures and wreak havoc. Email-based threats remain a persistent security issue, with email remaining the attacker’s most accessible entry point for advanced content-borne attacks and zero-day vulnerabilities that threaten enterprise assets.
To meet the full range of today’s cyber threats contained in any type of attachment, organizations need to adopt a more proactive approach in identifying and eliminating the threats before valuable information is stolen or business processes are disrupted.
Traditional security solutions, including signature-based anti-virus and sandbox detonation, cannot keep up with today’s evolving threats. Therefore, organizations need to turn to next-generation cyber defense technologies that can identify any malicious code carried via email content before damage is done.