Protect Against Advanced E-Mail Borne Threats.
According to the Symantec 2017 Threat Report, email is back to being the weapon of choice for criminals. One in 131 emails now directly contains malware, the highest rate since 2012. This statistic excludes emails that contain links to malware distribution and phishing sites, as well as executive phishing (CEO fraud) scams.
Today, Email Security Requires Sophisticated Approaches
Email security is no longer as simple as filtering for known malware and blacklisting spam relays. Criminals are now releasing malware variants every three hours, and with higher payouts from crime they can afford to keep buying and burning clean IP addresses to send out phishing scams. With executive phishing netting millions of dollars, smart criminals can afford to invest more individual attention and money, and to keep persisting to get their attacks through.
For example, in a campaign boasted about on the dark web, a criminal managed to convince a CFO to transfer a large sum of money to the criminal's account. It took some work: researching the CEO and CFO, reconstructing newsletters, adding new rules in the CEO's mailbox, and finally sending emails containing a hidden string in white text to the CFO to prompt an urgent money transfer. A sophisticated and highly targeted attack like this won’t be detected by a traditional email security gateway; however, a modern email security gateway can detect this level of criminal behavior.
To cope with modern threats, an email security solution should be able to:
• Filter known viruses and spam
• Sandbox all attachments with customizable software versions and anti-sandbox-detection capabilities
• Detect forged ‘from’ addresses, using SPF or similar technologies
• Rewrite URLs to prevent criminals changing DataSecure at ‘click time’.
Exceptional solutions should:
• Use global threat intelligence solutions to improve detection rates
• Include forensic capabilities such as reporting all users who have received the same email
• Rebuild documents into fresh, safe templates removing malformed structures and malicious code.