Chapter 1: Understanding Phishing And Other Email Borne Cyber Threats
The coronavirus pandemic has ushered in a revolution where more people work from home or remote locations. Under such circumstances, official correspondence through emails has increased manifold. Therefore, malicious actors have increased opportunities to infiltrate network systems using email-borne cyber threats. Here is a look into some of these threats and methods to mitigate them to ensure an organization’s data confidentiality, integrity, and availability.
What is BEC (Business Email Compromise)?
Phishing is a cyber threat in which fake emails from malicious actors pretending to be genuine mislead you into divulging confidential and crucial information. It has many advanced forms. Business Email Compromise (BEC) is an improved phishing method wherein the malicious actor impersonates or compromises a business executive’s email account to manipulate their subordinate into initiating a financial transaction or wire transfer or revealing sensitive information.
BEC is different from common phishing scams because the target or the employee receiving the business email has reasons to believe that the email source is genuine. On the other hand, phishing emails usually originate from an unknown source. The biggest BEC scam in history involves the swindling of around $121 million from Facebook and Google. If tech giants of such stature can be manipulated, smaller organizations are at a much higher risk.
What is Spoofing?
Spoofing is a tactic where the malicious actor uses an email address or other credentials resembling those of a genuine entity to make the recipient believe the message comes from a trusted source. They use spoofing to extract money or induce targets to download malware or share sensitive information. Unlike in BEC, the threat actor does not necessarily compromise the email account of a business executive in the organization to send malicious messages. Instead, the impersonated party could be anyone the target trusts as genuine.
Different types of spoofing include phone call spoofing, email spoofing, DNS spoofing, IP spoofing, DDoS spoofing, ARP spoofing, etc. The attack against American health insurance provider Humana in 2018 is a classic example of DDoS spoofing. The perpetrators managed to steal the medical, financial, and claims records of nearly 500 people.
Malware, Ransomware, And Trojan
Malware, ransomware, and trojan are a few common forms of threats that may reach you through phishing emails. Here is a brief idea of such threats.
- Malware is software designed to damage, disrupt, or gain unauthorized access to an organization’s network systems. Malicious actors often send executable or downloadable files containing malware through email. Once it gains access, the threat actor can control the network remotely.
- Ransomware is different from malware; it restricts the target from accessing the data in their information systems by encrypting it. It presents the target with a ransom demand; paying it is supposed to restore access by decrypting the data. The ransom is usually required to be paid in cryptocurrency. One of the most recent and disruptive ransomware attacks was the Colonial Pipeline Attack in May 2021.
- Trojans are malware that disguise themselves as legitimate programs and take control of your information network systems. These programs pretend to be operational software and perform destructive actions before you realize their presence.
Email bombing is a kind of DDoS attack where the victim receives an uncontrollable deluge of email messages that quickly fill the inbox, overload the email server, and render it useless. Alternatively, the victim may overlook genuine business email communications because they get lost in the flood of fraudulent messages.
Managing Email Threats Using Email Authentication Protocols
Reports show that 45.1% of all emails were spam in May 2021. Email is one of the weak links in an organization, opening a path for malicious actors to unleash their cyberattacks. Here are the measures one can take to handle email threats.
- End-to-end encryption is one way of ensuring no third-party entity accesses your email contents.
- Educating employees to identify spurious email communications like BEC scams can save business organizations from cyberattacks.
- Installing anti-malware solutions and regularly updating them can prevent malware from infiltrating the network systems.
- Restricting administrator privileges can help reduce privilege escalation attacks and discourage third-party interference.
- Robust password maintenance is another deterrent to email threats.
- Using high-level email authentication standards can secure emails from the source and prevent phishing or spoofing attacks. The email authentication protocols include the following (more details are covered in the upcoming chapters):
  - SPF (Sender Policy Framework): SPF specifies the servers and domains authorized to send email on your domain’s behalf.
  - DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to each of your outgoing messages to help the recipient verify that the message originated from the right source.
  - DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC is a free and open technical specification that authenticates email by checking that the SPF and DKIM results align with the sending domain. It tells receiving servers how to deal with messages that do not pass SPF or DKIM.
With more people using emails for correspondence, malicious actors have greater scope to launch cyber-attacks through email. Hence, organizations need to be aware of the latest mitigation tools like email authentication protocols. Investing in such solutions and regularly updating them can deter most email threats an organization may otherwise face.