Email continues to be the single biggest source of cyber-attacks globally. A survey in 2017 estimated that 74% of threats initially entered organisations via email.
The traditional approach to email security blocks spam and malware at the gateway, before they enter an organisation, and enforces policy controls at that point. This approach is still necessary, but it cannot secure against advanced email threats such as spear phishing attacks, account takeover, business fraud and data loss.
Barracuda Email Protection provides a comprehensive solution that secures your entire email infrastructure. The multi-layered approach covers all threat vectors by securing the email gateway, protecting your stored email data, inoculating mailboxes against targeted threats, and training users on how to identify and defend against cyber-attacks.
The Evolving Landscape of Email Threats
Email attacks started as simple volume campaigns delivering spam and malware, and we still see these today, but threats have evolved rapidly since then to employ an increasingly sophisticated range of techniques.
Today’s more damaging attacks may involve highly targeted campaigns which leverage social engineering, account takeover, spoofing and other techniques to steal user credentials, and to defraud organisations of large sums of money.
In addition, we are now seeing email attacks entering organisations via personal email accounts and unified inboxes, as well as widespread use of advanced threats such as ransomware.
Spear Phishing and Targeted Threats
The most damaging email attacks today are often delivered as spear phishing emails with zero payload. These are customized to target specific individuals within an organisation, appear to come from a reputable source, and usually include an urgent call to action that can range from providing credentials to transferring money.
These emails don’t display any obvious characteristics (such as infected attachments or suspicious URLs) that would flag their malicious intent to gateway security controls.
Other targeted phishing emails impersonate commonly used services such as Outlook, DocuSign, Dropbox and others, and ask employees to click on a zero-day link. These emails typically originate from compromised accounts that have a high reputation and are not intercepted by traditional security gateways.
Account Takeover and Business Fraud
In these attacks, social engineering or other intrusion techniques are first used to obtain the credentials of email accounts for targeted individuals. Attackers then use these compromised credentials to send emails to other internal employees, or use the accounts to launch additional external phishing campaigns. These attacks are very hard to stop with traditional gateways because they emanate from internal mailboxes.
Similarly, attackers are increasingly spoofing the domains of corporations and public institutions, using their high reputation to launch phishing and spam campaigns and to trick the employees of these organisations into making fraudulent wire transfers.
This is designed to circumvent security controls and then exploit platform and system level vulnerabilities, allowing it to infiltrate networks, exfiltrate sensitive information, and in some cases encrypt business critical data.
The polymorphic nature of zero-hour malware makes it difficult to detect using traditional signature-based anti-virus techniques.