A Baker’s Dozen of Cyberattacks

The most successful cyberattacks are designed to bypass email gateway defenses using social engineering, fraud and other strategies.


The number and variety of cyberattacks continue to expand every year, with an increasing cost to businesses. The FBI estimates that cybercrime resulted in $3.5 billion in losses in 2019.

The majority of these attacks are initiated via email, and they involve increasingly complex techniques that traditional email security solutions are not designed to protect against. The most successful of these attacks are designed to bypass email gateway defenses using social engineering, fraud, and other strategies.

In Barracuda’s eBook 13 Email Threat Types to Know About Right Now, the company outlines an unlucky number of common attacks and how to guard against them. While a robust email gateway is a good start, more advanced solutions based on artificial intelligence (AI), machine learning and an API-based inbox defense approach can provide much more comprehensive protection.

In order of ascending complexity, here are the 13 key email threat types that Barracuda has identified.

Spam: These unsolicited bulk email messages have long been a nuisance. Often, these emails are used to conduct fraud or for phishing scams. It is estimated that more than half of the world’s email traffic is spam, and it costs $20 billion annually in losses. Over time, gateway solutions have become somewhat effective at blocking spam.

Malware: In these attacks, criminals use email to deliver malicious software in a document or download. While there are various types of malware, the vast majority is delivered via email, with ransomware as an increasingly popular tactic. Ransomware costs alone are estimated to have been nearly $170 billion in 2019. Gateway-level protection (including signature matching and sandboxing) can help reduce the threat.

Data exfiltration: This attack involves the unauthorized transfer of data from a computer, often through physical access to a specific computer or via malicious programming on the Internet. Data loss prevention (DLP) approaches can scan outbound emails searching for indications that sensitive data is being shared.

URL phishing: This scam involves tricking users via email into entering sensitive information on fake websites that use similar-looking URLs. These highly effective attacks cost nearly $58 million in 2019. Gateways can use URL filtering to block access to these sites, and API-based inbox defense solutions can further protect companies by evaluating actual URL usage.

Scamming: These attacks rely more on psychology than technological trickery. Criminals use fake job postings or fund transfer requests to fool victims into disclosing sensitive information. Both gateway filters and API-based defense systems can effectively scan these types of emails, but end user training is also critical.

Spear phishing: These highly personalized and targeted attacks involve criminals researching potential victims and then creating well-crafted emails meant to fool victims into believing they are from a trusted business or colleague. These attacks are typically seeking login credentials or personal financial details. While traditional email security gateways have difficulty identifying these communications, API-based solutions can use historical email data to identify potential spear-phishing attacks.

Domain impersonation: By impersonating a legitimate domain via typosquatting or other approaches, attackers fool victims into entering sensitive information. These attacks are on the rise and often highly effective. Email gateway blacklists are highly inefficient in guarding against these attacks. API-based solutions are much better at identifying the types of unusual requests that are typical of these attacks.

Brand impersonation: These attacks rely on service impersonation or spoofed domain names. A lack of adoption of DMARC policies at many companies makes it easy for criminals to leverage these types of attacks. Using an API-based inbox tool to recognize fraudulent emails can help, but companies should also implement DMARC authentication to prevent domain spoofing and brand hijacking.

Extortion: Cybercriminals can leverage stolen credentials to launch extortion scams, threatening victims with the existence of embarrassing video or photos. While they account for a relatively small number of total attacks, the FBI estimates extortion costs were more than $107 million in 2019. Gateways are likely to fail to detect these attacks, and victims are unlikely to report them out of embarrassment; API-based solutions can automatically identify these emails using statistical models.

Business email compromise: In these attacks, criminals impersonate an employee in an attempt to access financial information, trick other employees into transferring funds, or steal sensitive data. Although they make up just 7% of spear-phishing attacks, they accounted for more than $1.7 billion in losses last year. Again, advanced security solutions that leverage email content analysis to spot potential fraud are the only way to truly guard against these attacks.

Conversation hijacking: Research is key to these attacks, with criminals leveraging stolen credentials to insert themselves into existing email conversations or initiate new communications. A machine learning-based security solution can quickly spot a hijacked conversation and block these attacks.

Lateral phishing: Criminals use hijacked accounts to send phishing emails to coworkers or partners. These attacks are highly successful and costly, both in terms of financial losses and loss of reputation. Advanced email security solutions are much better at spotting these attacks than gateway solutions, as the malicious emails never pass through the gateway.

Account takeover: Finally, this most advanced form of attack involves taking over specific end user account credentials. Attackers can then steal additional login information, monitor account activity, and harvest other data or credentials. Because these attacks bypass the gateway, an inbox-focused solution that can monitor unusual activity is the best defense.
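Added example (not from Barracuda or the original article): the domain impersonation and brand impersonation items above differ in whether the sender uses the real domain or a near-miss of it, and this triage function separates the two cases. The protected-domain list, the edit-distance threshold and the sample messages are constructed assumptions, and the Authentication-Results header is assumed to be written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organisation wants to protect (constructed values).
PROTECTED = {"example.com", "example-bank.com"}
MAX_DISTANCE = 2  # assumption: edits tolerated before a domain stops looking similar

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dmarc_result(msg):
    """Read dmarc=<result> from Authentication-Results.
    Only trust this header when your own MTA added it and strips inbound copies."""
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    return m.group(1).lower() if m else "none"

def triage(raw):
    """Classify a message by its From domain: ok, spoofed-domain,
    lookalike-domain or unrelated."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PROTECTED:
        # Exact domain: DMARC decides whether the sender was authorised.
        return "ok" if dmarc_result(msg) == "pass" else "spoofed-domain"
    # Near-miss domain: DMARC can pass because the attacker owns it,
    # so similarity to a protected name is the signal instead.
    if any(0 < edit_distance(domain, good) <= MAX_DISTANCE for good in PROTECTED):
        return "lookalike-domain"
    return "unrelated"

AUTH = "Authentication-Results: mx.example.net; dmarc={} header.from={}\n"
def sample(sender, dmarc):  # builds a constructed test message
    domain = sender.split("@")[1]
    return "From: " + sender + "\n" + AUTH.format(dmarc, domain) + "Subject: Invoice\n\nPlease pay.\n"

if __name__ == "__main__":
    for sender, dmarc in [("billing@example.com", "pass"), ("ceo@example.com", "fail"),
                          ("billing@examp1e.com", "pass"), ("news@contoso.org", "pass")]:
        print(sender, dmarc, "->", triage(sample(sender, dmarc)))
```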

As you can see, the threat landscape is only getting more complicated. While traditional gateways provide an excellent foundation for blocking low-complexity attacks, API-based inbox security solutions must address the more advanced schemes that are gaining traction with today’s bad actors. Using this type of technology, combined with regular employee security awareness training, can significantly reduce the risk of a successful attack.

Mike Flouton is vice president for Barracuda’s email security business. In this role, he oversees product management for Barracuda’s portfolio of email security solutions: Barracuda Total Email Protection, Barracuda Essentials, Barracuda Sentinel and Barracuda PhishLine. Connect with him on LinkedIn here.

This guest blog is part of a Channel Futures sponsorship.

 
