In this blog we will examine today’s most pressing email threats and look at best practices for a secure, layered defence strategy.
A Timeline of attacks
Almost every day we hear about a new phishing, spam, malware or ransomware attack. These threats are a constant worry for small, medium and large organisations across all industries. From volumetric spam to regulatory compliance issues, to CEO impersonation or “business email compromise” attacks – email remains a target. In the early days, it was a “spray and pray” approach – cast a wide net and prey on a large volume of unsophisticated targets – but as corporate defences got better, attackers started phishing executives through unsecured personal accounts. With the rise of unified inboxes, it’s not always clear whether an email is from a personal or corporate account, which helps attackers succeed. The reality is that humans are the weakest link in the security defence chain, and as phishing attacks are more consistently used on corporate brands, companies are also at risk of losing customer trust and engagement through email.
In the early days email defence was pretty simple – legitimate mail would come across the internet, land in a mail server and get delivered into an inbox, and users would both send and receive. In the early 2000s, spam and malware came on to the scene and started being sent via email more frequently. As threats evolved, the spam firewall was improved into the modern email gateway. This included things like data loss prevention and encryption to stop leakage of sensitive information. Backup and archiving provided important capabilities to recover from accidental deletion and to archive mail for compliance or storage purposes. However, with a rise in zero-day threats – threats that were new or custom and therefore couldn’t be caught by backwards-looking signatures – the industry needed a new approach. Sandboxing is a technique that doesn’t rely on having seen a specific attack before. It puts a potentially malicious message into a virtual environment to see if it does anything nefarious, but this relies on spotting, for example, either a bad attachment with a virus or a link to a malicious website. To a gateway, a social engineering, business email compromise or CEO fraud attack can potentially look just like any other email.
Another concern is that attackers have realised that executives frequently access both work and personal email from a unified inbox. An unsecured personal email account is a soft entry point, and as a result phishing attacks through the back door can be brutally effective. However, one of the nastiest emerging threats, and one that is becoming more common, is account takeover (ATO). In these attacks, the adversary gains login information and uses legitimate email accounts to send and receive mail from within the domain. These emails aren’t spoofed – they really are from who they say they are from – and to make matters worse, internal emails never even cross the gateway. So a gateway solution can’t even see the emails, much less recognise that they are illegitimate.
Building the defence
So what does a modern email protection stack look like? It all starts with the mailbox. Whether you’re on a cloud service like Office 365 or G Suite, on-prem or in a hybrid configuration, the defenses are the same. The gateway is as important as ever, so make sure you have inbound and outbound security deployed, including traditional signature defenses and advanced techniques like sandboxing. Secure yourself against accidental and malicious data loss with encryption and DLP, and archive important emails for compliance and/or storage reasons. On top of that, ensure resiliency with backup to recover from accidental or malicious deletion of data, and a continuity service to ensure that critical emails can get sent during an outage. To stop attacks that bypass the gateway, artificial intelligence can predict how likely an email is to be from the person it purports to be from. As the last line of defense against email that comes in through personal accounts, it’s critical to turn your users from a liability into a control. Phishing simulation and training makes your executives resilient.
The first step to take is to really understand and acknowledge the changing email threat landscape. This means understanding that attacks are no longer easy to detect, but are now hiding in the shadows and could be happening in the background without any detection. Once you are aware of these sophisticated and evolving threats, determine their impact on your company. Do you currently have solutions in place to handle these sophisticated attacks? Do you have a backup plan if things go wrong? And if you don’t, what could you risk losing? This step means understanding the impact that an attack could have on your employees’ jobs, your company’s bottom line and, more importantly, the company’s reputation. After acknowledging the changing threat landscape and determining the impact that an attack could have on your company, the last step is deploying solutions to avoid an attack.
Considering a Barracuda defence strategy?
Barracuda has created a multi-layered threat detection system that has been optimized to be used in the cloud. With Barracuda backup, the control is in your hands. You have the power to choose how you want to back up, how often and how quickly. You can set custom retention policies, choose automatic or manual backup and even conduct multi-selection restores. Below is a summary of some of the defence products they have on offer – you can layer in defense where you need a boost, or use all three components for the ultimate in protection.
Barracuda Essentials provides gateway defenses and resiliency. It is a cloud-based solution including multi-layer email security with advanced threat protection, compliance archiving, and Office 365 cloud backup. Essentials is for Office 365, on-premises and hybrid deployments, as well as for other cloud email services like G Suite. Whatever the customer environment, Essentials fits all configurations. It is an easy-to-deploy Software-as-a-Service solution leveraging Barracuda’s expertise in security and data protection, and is available on a per-user license basis.
Barracuda Sentinel stops brand hijacking and catches social engineering attacks, by using artificial intelligence to stop spear phishing attacks without a payload (malicious attachment) that gateway defences miss. Sentinel does this by applying machine learning techniques to build a model of what a “good” email from a specific user is likely to look like. The artificial intelligence has been trained on over 2.5 million mailboxes, and it analyzes over 40 features – things like sender, time of day sent, etc. Unlike rules and policy based approaches, Sentinel is incredibly accurate – with a false positive rate less than 1 in a million. This means that important emails get through when they’re supposed to, while spear phishing attacks get stopped in their tracks.
The second component of Sentinel is brand fraud prevention. Sentinel leverages a standard called DMARC (Domain-based Message Authentication, Reporting and Conformance), which builds on two previous standards, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to make sure email is from who it’s supposed to be from. The real value behind DMARC is in its reporting. Sentinel helps you to understand who is using your domain, and by extension your brand. There may be legitimate third parties sending email on your behalf, but the reporting gives you a rich insight into who is using your brand so you can set DMARC to enforce rules appropriately and stop people from misusing your email domain.
Barracuda PhishLine is your last line of defense against hard-to-detect phishing attacks that come in through unsecured channels. It offers powerful simulation capabilities that let you test and train high-risk users, and provides training for your employees to spot and thwart phishing attacks on unsecured personal accounts. By reinforcing behaviour, you turn your users from a liability into a strength in resisting carefully crafted and difficult-to-detect attacks. PhishLine comes with customisable pre-built templates, which means fast time to value and relevant content based on industry trends and best practices. PhishLine also comes with a large inventory of turnkey content, which means your employees get the relevant training they need quickly.
The team at Nexus Fusion hope you have found this blog useful. If you require any more information regarding email security, call us on 01908 760940 or send us an email at email@example.com. If you are interested in any of the Barracuda products, talk to us about your requirements or ask us for a demo of the product. Essentials, as well as all other Barracuda products, comes with a free 30-day trial, which means that you can see these products working in your own environment before you decide to purchase.