Ask an MSP Expert

Q: As cybercriminals are becoming more sophisticated, it is harder to keep up with the different types of attacks. What are some of the most prevalent methods of email attacks today, and what do I need to know about them?

One of the most rapidly evolving attacks is spear phishing. In fact, it was recently discovered that 91 percent of cyber-attacks start with a spear phishing email. This is a personalized form of email attack where attackers research their targets and craft carefully designed messages, often impersonating a trusted colleague, website, or business.

To help educate businesses on this evolving threat, Barracuda recently released the report Spear Phishing: Top Threats and Trends. Barracuda examined over 360,000 spear phishing attempts in a three-month period, and one of the most interesting findings was that cyber criminals carefully time their attacks to trick busy employees. In fact, over the course of the week, spear phishing attacks spike Tuesday through Thursday — with one in five phishing attempts happening on Tuesday. Keeping your customers safe from these attacks can be challenging, so we examined three major types of spear phishing attacks and how they are delivered.

Spear phishing threats are rapidly evolving

Cyber criminals are continually evolving their techniques so that their attacks avoid detection, and spear phishing is no exception. These attacks fall into three main categories: brand impersonation, blackmail, and business email compromise.

Brand impersonation and brand hijacking. In this type of spear phishing attack, a malicious email looks like it is coming from a reputable company or business application. Cyber criminals use carefully designed templates and domain-spoofing techniques that make it difficult for employees to detect a fraudulent email. While it looks legitimate, this attempt is designed to steal users’ credentials. These attacks continue to be successful because they use zero-day links that haven’t been used in previous attacks, or links that are added to a legitimate website that has been hijacked.

Business email compromise (BEC) and account takeover attacks (ATO). Business email compromise is when the attacker uses a compromised account — which could be the CEO, an executive, or another trusted source — to get individuals to initiate a wire transfer or gather other sensitive information. Because these emails appear to be coming from a legitimate account, these attacks are very effective and difficult for employees to identify.

Blackmail or sextortion scams. In this type of attack, cyber criminals claim to be in possession of very personal information – such as compromising videos, images, or other personal information. They insist that you pay them a ransom; otherwise, they will send this information to all of your contacts. Due to the sensitive nature of these attacks, they aren’t frequently reported, despite their increasing volume.

Safeguarding your customers from these advanced threats

The best way to protect your customers from these attacks is to adopt a multi-layered email security approach that includes:

  • Artificial intelligence. Cyber criminals are now using advanced techniques to bypass traditional email security filters. A product like Barracuda Sentinel, layered on top of an email security solution, can use machine learning and artificial intelligence to detect anomalies in communication patterns. Once an anomaly is discovered, the message is quarantined and IT is alerted.
  • User education. The weakest link in your customers’ security environment is most often the employees themselves. Cyber criminals can be relentless, and even with the best security measures in place, they can still find a way in. For example, if your customer were to receive a convincing phone call from a “Microsoft” employee, would they surrender their credentials? Hopefully not. Regardless, they need to be aware of suspicious requests — both online and off.
  • Multi-factor authentication. Multi-factor authentication or two-step verification provides an additional security layer for your customers’ accounts by requiring an additional security measure beyond the username and password. This could include entering an authentication code sent by a text or phone call, a retinal scan, or even a thumbprint.
  • Email security product that includes robust capabilities. Traditional email security that relies on checking black lists for reputation analysis doesn’t cut it anymore. With today’s advanced attacks, you need to find an email security solution that incorporates more robust features that can recognize zero-day links and phishing attempts.

As cyber criminals become more sophisticated in their tactics, security measures need to become more sophisticated as well. Start by educating your customers on the latest types of attacks and then implement the security measures to prevent attacks from arriving in their inbox in the first place.

Posted by Lauren Beliveau

Lauren is a content and product marketer with several years of experience in the IT channel. She has created and developed content that helps managed service providers grow their business, and has written many articles featured in SmarterMSP’s The MSP’s Bookshelf and Ask an MSP Expert series.
