https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

From the Industry


Sponsor Content

email

How Hackers Evade Email Security

  • August 30, 2018
One of the biggest challenges in detecting and preventing malware is its increasing sophistication. Here's what MSPs can do.

VIPRE Security recently surveyed more than 500 independent IT solutions providers. It was discovered that one of the biggest challenges they face in detecting and preventing malware attacks is the increasing sophistication of those cyberattacks.

Hackers and other malicious actors have become extremely creative in bypassing email security. Traditional security features baked into email clients like Gmail and Outlook are not enough to stop advanced threats, and some email security solutions don’t recognize these sophisticated attacks. Many email users are left vulnerable to potentially malicious email that could drop a malware payload onto their device.

Let’s examine four ways hackers elude email security and how expert resellers and MSPs can combat against them.

1. Embedded Text-Based Links

When senders enter a text link into an email body and push send, email clients like Gmail will automatically convert that text link into a hyperlink when the recipient opens the message. Malicious actors will often use this as a simple yet effective way to bypass most general spam filters, pushing through malicious links.

IT solutions providers can counter by utilizing email security solutions with URL defense. It provides another level of protection against all types of link-based phishing and ransomware attacks. Some solutions will even rewrite links in an email, rescanning them at the time of the click. Many zero-day attacks can stem from seemingly innocent emails containing weaponized links, making it essential to have this security feature.

2. Macros Hidden in Microsoft Office Attachments

Malicious actors have been delivering payloads via macro-enabled Microsoft Office documents for close to a year now. Traditional email security solutions still allow attachments through without fully scanning them. 

Strong email security solutions will offer macro scanning/protection, granular policy creation and attachment sandboxing. Solutions with granular policy control allow virus filtering engines to be fine-tuned to seek out macros embedded in Microsoft Office files. Additionally, attachment sandboxing helps security admins easily determine whether attachments are malicious or not in a secure and isolated virtual test environment. This virtual sandbox is a place potentially malicious files can be executed or “detonated” to identify whether they are truly safe to open or not.

While sandboxing is one of the easier ways to combat hackers, it can potentially be evaded. Cybercriminals can design threats that remain dormant until a future date or until the malware finds itself in a real desktop or other device.

3. Exploiting a Poorly Set Up Firewall

Email security products often require admins to set up certain IP range allowances, allowing only email filters through their security solution. If admins fail to lock down their environments and allow only those specific IP ranges, outside mail can pass through.

An easy solution to this conundrum is to be patient during the setup and configuration of an email security solution. Work with the security company to ensure that the environment is properly configured and locked down, eliminating potentially malicious email that does not filter through the security solution.

4. Weaponized Graymail

Graymail is solicited bulk email messages that don’t fit the common definition of spam. Generally, email types that fit into this category are newsletters, messages sent from automation platforms, and/or advertisements. Graymail recipients normally have opted into an email list to receive these messages. It will be sent by a “reputable source” and will often have some content value to the recipient.

Normally these messages are not malicious, but as email marketing solutions become more readily available, malicious actors can weaponize graymail via embedded images, text, links or HTML within the email. A solid email security solution will contain excellent graymail filtering options to prevent possibly suspicious messages from making it through. Also, as mentioned earlier, URL protection can protect against potential embedded links that have been weaponized.

The methods of hackers will continue to evolve just as quickly as the cybersecurity industry does. It is imperative that IT solutions providers stay well-informed and educated on current trends to combat them. With email being the No. 1 attack vector for ransomware, it becomes essential to implement a best-of-breed solution with advanced security features.

 

 

Tags: Agents Cloud Service Providers MSPs VARs/SIs Best Practices From the Industry Security VIPRE Sponsor Content

Most Recent


  • Businessman reading cloud computing news
    Cloud Computing News: VMware, Celigo, Google Cloud, AWS Dominate the Week
    Find out what the vendors are up to this week and how partners are impacted.
  • OffSec Partners Get Expanded Global Partner Program
    The expanded partner program includes three new partner types.
  • Tech investments
    3 Ways Businesses Can Optimize Their Tech Investments
    Help customers start small, minimize risk and demonstrate business value in a condensed time frame.
  • zero day vulnerability
    Barracuda Networks Identifies Long-Exploited Zero-Day Vulnerability
    The earliest identified evidence of exploitation dates back to October 2022.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 5G
    5G: Revolution or Evolution?
  • M&A
    Why All MSPs Need to Understand the M&A Landscape
  • hurricane season
    4 Things MSPs Should Consider When Prepping for Hurricane Season
  • zero-trust
    The Benefits of Zero-Trust Security over VPNs

Upcoming Events

View all

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Galleries

View all

Cloud Computing News: VMware, Celigo, Google Cloud, AWS Dominate the Week

June 2, 2023

Channel People on the Move: HPE, Lumen, Sophos, TD Synnex, AireSpring, More

June 1, 2023

Faces of the Partner: 5 Tech Advisors Retiring, Transitioning

June 1, 2023

Industry Perspectives

View all

Dell Technologies World: Dell Apex Expanded Across On-Premises, Cloud and Edge

May 22, 2023

Identity Is Increasingly Valuable – and Targeted

May 18, 2023

Gaining a Competitive Advantage through AV Managed Services

May 10, 2023

Webinars

View all

From Problem to Profit: Mastering the Science of Selling Using Business Outcomes

May 9, 2023

Meet the 2023 Channel Futures Channel Influencers

April 13, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode No. 123: MartinWolf M&A Advisors, CP Expo Preview

UScellular Takes On Rivals with Partner Program Simplicity

April 21, 2023

OpenText Simplifying Deal Registration, Doubling Down on MDF

April 21, 2023

Everything-as-a-Service: CloudBlue Touts Critical Customer Transition

April 18, 2023

Twitter

ChannelFutures

Big happenings for @VMware this week. Plus, @GoogleCloud debuted something huge. And news from @CeligoInc,… twitter.com/i/web/status/1…

June 2, 2023
ChannelFutures

.@offsectraining launches expanded partner program. #cybersecuritytraining dlvr.it/Sq3VxS https://t.co/3SIoF4p18j

June 2, 2023
ChannelFutures

🏆 Trust @eatoncorp as your single source for comprehensive power management solutions that organize, protect and ma… twitter.com/i/web/status/1…

June 2, 2023
ChannelFutures

What could 1.2 million unique views do to your brand? Explore the interactive Channel Futures media kit outlining a… twitter.com/i/web/status/1…

June 2, 2023
ChannelFutures

Thinking about adding #MDR to your cybersecurity stack? @Malwarebytes outlines the questions MSPs need to conside… twitter.com/i/web/status/1…

June 2, 2023
ChannelFutures

Use #automation and #incidentresponse to help customers minimize risk, says @bigpanda. dlvr.it/Sq1zy1 https://t.co/wxxyPbGBeY

June 2, 2023
ChannelFutures

Do you want to gain additional knowledge from extraordinary marketing leaders? This list will provide expert tips a… twitter.com/i/web/status/1…

June 1, 2023
ChannelFutures

.@barracuda discloses email software #vulnerability that's been exploited since fall 2022. dlvr.it/Sq0w4c https://t.co/vqxx8x07eO

June 1, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X