If the only real email threat were spam, not much would be done at the business level to stop it. We all know that dealing with spam drains time that could be spent on more productive things, but honestly, receiving junk advertising isn’t always the biggest concern for your average business.
Spam isn’t the only threat facing the email administrator, but it is the one most people are familiar with, so it has become the de facto poster child for email-related risks. As a result, many organizations put their resources into anti-spam solutions that block emails using keywords and blacklists, and then divert the remaining security budget towards network-based security solutions. Cyber criminals are well aware of this. They know full well that many organizations leave email full of vulnerabilities, and they take advantage of it.
Of course, if you are aware of the many other threats that face your email assets, and can relate these to management, you stand a better chance at thwarting any attacks launched at them. But first, you have to know what the threats are…
A little story
If you have been reading up about the recent Mandiant report on Advanced Persistent Threats then you are truly ahead of the game here. If you’re scratching your head and wondering what report I’m talking about then allow me to explain how a cyber criminal can use email to compromise a system with this little story.
Alice works for XYZ Industries, a company that sells widgets over the Internet. She is an executive with access to just about every resource the company has. Bob works in shipping and has limited access to things like databases and customer information.
Mallory wants the credit card numbers and verification codes that Alice and Bob’s company holds, so she crafts an email with a malicious attachment that is actually a keystroke logger and sends it to everyone at XYZ Industries. Alice ignores the email, but Bob downloads the file and infects his computer. It is only a matter of time before Bob’s user credentials are captured by Mallory. Using these stolen credentials, she is able to access the XYZ network and gather more information, eventually compromising Alice and gaining access to all of the credit card and customer data she was originally after.
Just don’t download, right?
Most people might think that if downloads were blocked by the email filter, this would never be a problem. What they fail to realize is that the threats are so advanced now that simply blocking known attacks will not work.
Attackers might use a link to a malicious website instead of an attachment. When the victim clicks the link and visits the site, their computer is infected. Sometimes they wait a few days before uploading malware to the site in question, a technique called waterholing. Other emails simply use URLs that point to a forged site in order to capture usernames and passwords. The victims, thinking they are logging into their account, are actually visiting a website crafted to look exactly like the original; the only difference is that the forged site was built to steal their login information.
Seeing things like this might make you question whether email is even worth it. After all, if blocking emails that contain certain words, come from certain senders or carry attachments is not protection enough, then what is a business to do?
The only answer is to take email threats seriously enough to look for a solution that encompasses more than just traditional whitelist/blacklist technology. Email security solutions need to protect against all known threats and defend against zero-day threats. By looking at patterns and learning from user input, these advanced solutions can do more than just stop an email whose subject line contains the words “lower your mortgage”. Tell your boss this story; maybe you want to switch out credit card numbers for blueprints or schematics. Maybe the attacker is after email conversations about a merger. Whatever the target, it fits into this scenario, because if it’s worth protecting, then the bad guys are after it. And they will use email to get it.
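To make the gap between keyword filtering and the forged-login lure concrete, here is an added example (not code from the original post or from any product it alludes to). It runs two checks over a constructed phishing message: a keyword blacklist of the kind described above, which passes the message because it contains no “spammy” phrases, and a structural check that flags a link whose visible text names the company’s portal while the href points at a look-alike host. The message body, the keyword list and the trusted-domain set are all made-up assumptions for the example.

```python
"""Why a keyword blacklist misses a credential-phishing lure.

Added example, not the post's own code. It compares a keyword filter with
a link-consistency check over a constructed HTML email. Every domain,
phrase and keyword below is a constructed assumption.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a credential-phishing lure with no blacklisted words.
SAMPLE_EMAIL = """\
<html><body>
<p>Your XYZ Industries account requires a routine security review.</p>
<p>Please sign in at <a href="http://xyz-industries-login.example.net/verify">
https://portal.xyz-industries.example.com</a> within 24 hours.</p>
<p>Regards,<br>IT Helpdesk</p>
</body></html>
"""

# Phrases a traditional content filter might block on (constructed list).
SPAM_KEYWORDS = ("lower your mortgage", "free money", "act now")

# Hosts the organisation actually uses for logins (constructed assumption).
TRUSTED_DOMAINS = {"xyz-industries.example.com",
                   "portal.xyz-industries.example.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def keyword_filter_blocks(body: str) -> bool:
    """Traditional check: block only if a blacklisted phrase appears."""
    lowered = body.lower()
    return any(k in lowered for k in SPAM_KEYWORDS)


def _host(text: str) -> str:
    """Hostname of a URL-like string, lower-cased; '' if there is none."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def suspicious_links(body: str) -> list:
    """Structural check: flag anchors whose visible text and href name
    different hosts, or whose href host is outside the trusted set."""
    parser = LinkExtractor()
    parser.feed(body)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        # Only treat the anchor text as a URL if it looks like one.
        text_host = _host(text) if "." in text and " " not in text else ""
        reasons = []
        if text_host and text_host != href_host:
            reasons.append("display text names %s but link goes to %s"
                           % (text_host, href_host))
        if href_host and href_host not in TRUSTED_DOMAINS:
            reasons.append("link host %s is not a trusted domain" % href_host)
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


def classify(body: str) -> str:
    """Run the keyword filter first, then link analysis; return a verdict."""
    if keyword_filter_blocks(body):
        return "blocked-by-keywords"
    if suspicious_links(body):
        return "flagged-by-link-analysis"
    return "clean"


if __name__ == "__main__":
    print("keyword filter blocks:", keyword_filter_blocks(SAMPLE_EMAIL))
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
    print("verdict:", classify(SAMPLE_EMAIL))
```

The keyword filter returns `False` for the sample, exactly as the post argues it would, while the link check reports both the text/href mismatch and the untrusted host. A real mail gateway would add sender authentication, URL reputation and sandboxing on top of this, but the point of the example is that the forged-site lure is visible in the message’s structure, not in its vocabulary.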