shutterstock-102786449
Email Management

Would you recognize criminal activity if it entered your inbox?

This is a contributed piece by Asaf Cidon, Vice President of Email Security, at Barracuda

We are all inclined to trust what we know, so when you receive an email from a trusted web service such as Microsoft Outlook or DocuSign telling you that you’ve got unread messages, most of us would be unlikely to question its authenticity and instead blindly follow the directions to retrieve them.

However, over the past month we’ve identified a high volume of activity where attackers are doing just that. They’re cunningly impersonating popular web services such as Microsoft Outlook, DocuSign and Google Docs, trying to entice victims into giving away their credentials. Criminals are then using these credentials to either commit fraud or to launch targeted spear phishing campaigns within an organization - with an aim to steal the crown jewels.

These web services are being impersonated or spoofed by emails that contain a link which directs recipients to a fake login page on a legitimate website, which the cyber criminals spend a huge amount of time on to make it as realistic looking as possible.

Machine Learning in security can be a tricky game… Welcome to the world of adversarial machine learning

What’s new with these types of attacks is that usually there is an attachment which cybercriminals use to convince the unsuspecting to either download malicious documents or login to a fake account resulting in surrendered account credentials – which then leads to all sorts of hurtful behavior.

 

Protection is futile

However, in this instance, there is no malicious attachment. Cybercriminals are hoping victims will not recognize the web service web portal login page, and freely enter their credentials, giving attackers full access to their email accounts. 

In addition, the links used in these emails are typically ‘zero-day’, meaning they have not been used before in other emails, and therefore don’t appear in any bad link blacklists, making them hard to protect against. In fact, some of these links are legitimate small business websites that have been compromised and will appear to have a high reputation in the eyes of traditional email security systems, which helps them evade detection. In most instances, the links included lead to legitimate websites, where the attacker has maliciously inserted a sign in page, and the domain and IP registration will appear legitimate.

Unfortunately, link protection technologies such as “safe links” will not protect the user against these links. Since the link contains a sign in page and does not download any malicious viruses, the user will follow the “safe link” and will still enter the username and password.

 

Artificial Intelligence is the key

Recently, we have seen a high volume of activity around this attack, with millions of these emails being sent, which comes as no surprise since traditional email security solutions will not catch these emails and many will ultimately reach end users without being detected. This evolving attack will not be detected by existing email security solutions.

Adversarial machine learning looks set to increase over the next 18 months. But What might ‘bad guy’ machine learning mean for security?

So what is the answer? Users need to be educated on what to look for when receiving emails. The best hope to stop these attacks is artificial intelligence (AI) for real-time spear phishing protection combined with regular training to raise awareness of evolving and new threats.

An AI real-time solution can be taught to automatically detect and quarantine these emails. It would also be able to recognize how a normal email from a popular web service looks based on the signals in the email metadata and body. For example, you would expect emails from Facebook to come from messages@facebook.com and include a link to facebook.com. It is very unlikely to receive an email from john@facebook.mydomain.com with a link to sdfsdf.co.uk. Even if the sdfsdf.co.uk link has a high reputation and does not appear on any blacklists within the context of an email from Facebook, it is extremely unlikely to be legitimate.

A sophisticated security solution would be able to spot the difference despite the link being reputable and prevent the email from reaching any user. This is vital as it is guaranteed that someone in your organization will eventually fall for this bait, no matter how tech savvy they might be.

To further prevent against falling victim to such an attack, security awareness training is required for all. Organizations must plan for email threats such as these and many others, train all their employees, test them on the latest email threats, and work to ensure everyone is a security advocate.

Traditional email security will not catch these threats, and not every employee will delete the email, so incorporating a holistic risk prevention strategy with the latest email security technologies and regular security training will best prepare you for the next threat tactic cybercriminals will use to try to steal your information.

PREVIOUS ARTICLE

« Is the world ready for the end of Excel?

NEXT ARTICLE

Are governments doing enough to regulate new tech? »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

Tech Cynic: VR, the never-popular technology

Tech Cynic – IT without the rose-tinted spectacles

Five months on, GDPR doubts remain for this lawyer

Martin Veitch's inside track on today’s tech trends

How can smart solutions help address Southeast Asia's urban challenges?

Keri Allan looks at the latest trends and technologies

Poll

Is your organization fully GDPR compliant?