How Hackers Evade Email Security

VIPRE Security recently surveyed more than 500 independent IT solutions providers. It was discovered that one of the biggest challenges they face in detecting and preventing malware attacks is the increasing sophistication of those cyberattacks.

Hackers and other malicious actors have become extremely creative in bypassing email security. Traditional security features baked into email clients like Gmail and Outlook are not enough to stop advanced threats, and some email security solutions don’t recognize these sophisticated attacks. Many email users are left vulnerable to potentially malicious email that could drop a malware payload onto their device.

Let’s examine four ways hackers elude email security and how expert resellers and MSPs can combat against them.

1. Embedded Text-Based Links

When senders enter a text link into an email body and push send, email clients like Gmail will automatically convert that text link into a hyperlink when the recipient opens the message. Malicious actors will often use this as a simple yet effective way to bypass most general spam filters, pushing through malicious links.

IT solutions providers can counter by utilizing email security solutions with URL defense. It provides another level of protection against all types of link-based phishing and ransomware attacks. Some solutions will even rewrite links in an email, rescanning them at the time of the click. Many zero-day attacks can stem from seemingly innocent emails containing weaponized links, making it essential to have this security feature.

2. Macros Hidden in Microsoft Office Attachments

Malicious actors have been delivering payloads via macro-enabled Microsoft Office documents for close to a year now. Traditional email security solutions still allow attachments through without fully scanning them. 

Strong email security solutions will offer macro scanning/protection, granular policy creation and attachment sandboxing. Solutions with granular policy control allow virus filtering engines to be fine-tuned to seek out macros embedded in Microsoft Office files. Additionally, attachment sandboxing helps security admins easily determine whether attachments are malicious or not in a secure and isolated virtual test environment. This virtual sandbox is a place potentially malicious files can be executed or “detonated” to identify whether they are truly safe to open or not.

While sandboxing is one of the easier ways to combat hackers, it can potentially be evaded. Cybercriminals can design threats that remain dormant until a future date or until the malware finds itself in a real desktop or other device.

3. Exploiting a Poorly Set Up Firewall

Email security products often require admins to set up certain IP range allowances, allowing only email filters through their security solution. If admins fail to lock down their environments and allow only those specific IP ranges, outside mail can pass through.

An easy solution to this conundrum is to be patient during the setup and configuration of an email security solution. Work with the security company to ensure that the environment is properly configured and locked down, eliminating potentially malicious email that does not filter through the security solution.

4. Weaponized Graymail

Graymail is solicited bulk email messages that don’t fit the common definition of spam. Generally, email types that fit into this category are newsletters, messages sent from automation platforms, and/or advertisements. Graymail recipients normally have opted into an email list to receive these messages. It will be sent by a “reputable source” and will often have some content value to the recipient.

Normally these messages are not malicious, but as email marketing solutions become more readily available, malicious actors can weaponize graymail via embedded images, text, links or HTML within the email. A solid email security solution will contain excellent graymail filtering options to prevent possibly suspicious messages from making it through. Also, as mentioned earlier, URL protection can protect against potential embedded links that have been weaponized.

The methods of hackers will continue to evolve just as quickly as the cybersecurity industry does. It is imperative that IT solutions providers stay well-informed and educated on current trends to combat them. With email being the No. 1 attack vector for ransomware, it becomes essential to implement a best-of-breed solution with advanced security features.