Corporate email continues to rule in the world of business. Today, the average office worker receives 120 emails every day. While many of these emails pertain to business as usual, not every email is quite what it seems. Now more than ever, organizations are on the receiving end of advanced email attacks that aim to steal money, pilfer data or compromise systems.
What is an email attack?
What is the purpose of an email attack?
Email attacks can take many forms but are typically deployed by cybercriminals in order to steal money or data. In order to keep organizations secure, it is important that employees are able to recognize the most common types of email attacks and understand the potential impact that they could have.
Most common types of email attacks
Cybercriminals can leverage email in multiple ways to attack people and systems. There are a variety of tactics that range from being very broad to very targeted:
Spam. Spam is known as a high volume commercial messaging sent over email.Despite several tools to filter out unwanted email, spam remains a significant challenge for organizations large and small. 56 percent of all email traffic is made up of spam; so while spam is not always the vector of attack, its sheer volume helps obfuscate real attacks, such as spear phishing.
Phishing. Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by pretending to be a trusted entity.Phishing attacks are sent in high volume, and the legitimate look of the email can trick users into accidentally opening an attachment or clicking on a malicious link. However, phishing emails are not personalized and tend to start with generic greetings like “hello” or “dear sir.” What makes phishing attacks successful is that even though a small percentage of targets fall for the attack, the sheer number of people receiving the email means that the attacker is likely to have some success.
Spear phishing. Spear phishing is an advanced phishing attack that is targeted at one or a few individuals. This type of attack targets a specific individual and tries to impersonate a person or an entity that they trust. Before the attack is launched, the attacker spends time researching their target to gain information such as their name, or suppliers that the target uses in order to make the email appear legitimate. Because spear phishing emails are more sophisticated in their construction and convincing in execution, they are harder to catch.
Business Email Compromise (BEC) is when a relationship is hijacked through email – an attacker tries to trick someone into thinking they are a trusted contact in order to steal money or information. BEC can be accomplished through spear phishing or account takeover. Read more about BEC here. According to the FBI, BEC attacks cost organizations $26bn between 2018 – 2019. In fact, BEC attacks have now overtaken both ransomware and data breaches as the main reason that companies file a cyber-insurance claim according to insurance giant AIG.
Consequences of email attacks
There are a variety of outcomes that can occur from the above email attacks. Here they are:
Malware: Malware is a computer software that has a malicious intent. Some of the different types of malware include ransomware and spyware, which have the goal of gaining control of infrastructure, farming credentials or gaining access to passwords.
Ransomware is a type of malware that essentially holds a target hostage; attackers will demand a fee in exchange for unencrypting the target’s systems. Like malware, ransomware is a payload that is often deployed by phishing or spear phishing emails. Ransomware can have a significant impact, as seen with the WannaCry attack, which was estimated to have affected more than 200,000 computers across 150 separate countries. The financial outcome of ransomware has made it attractive for attackers, with over $1 billion being racked up by criminals annually. Businesses and governments continue to get inundated with ransomware attempts and reports even suggest that more than 600 US government entities have been hit with ransomware so far this year.
Credential Theft. Credential theft occurs when an attacker is able to steal the credentials of the target by executing a successful phishing or spear phishing attack. Often, the email will include a link which will take the target to a fake login page where the target’s credentials are ultimately harvested.
Wire-transfer fraud. Wire-transfer fraud is when a target wires money to an attacker’s account. Wire-transfer fraud can be accomplished by the attacker including bank details in a phishing or spear phishing email, and requesting the target to pay a specific amount. Another way that this can be achieved is if the attacker tricks someone into changing the details of the bank account to which a recurring payment is paid.
Why are email attacks so successful?
Phishing and BEC attacks are difficult to detect because cybercriminals are utilizing social engineering techniques in order to build trust. The attacker manipulates the target by posing as a trusted individual or organization and will oftentimes engage in a conversation over several emails, before requesting the target to divulge credentials, confidential data, or to wire money to an account they own. Social engineering is what contributes to the success of these attacks because attackers use convincing language to get people to act instinctively, not rationally. For example cybercriminals were able to access payroll information of 700 current and former employees at social media behemoth Snapchat by posing as CEO Evan Spiegel in an email and tricking a junior employee into sending them the confidential data.
Email impersonation can take on a variety of forms, such as display name impersonation where the attacker sets a deceptive display name on their email account, or spoofing where an attacker forges an email to make it appear as if it’s been sent from another email address.
Email authentication protocols such as DMARC, DKIM and SPF have been introduced over the years as an attempt to stop spoofing. The problem with these three protocols, though, is that many organizations have yet to adopt them and weaknesses can be exploited. For example, 80% of Fortune 500 companies do not have DMARC policies set up. As well, this email authentication only prevents an employee’s individual domain from being spoofed but it does not prevent them from receiving emails that have been spoofed. Finally, it’s easy for attackers to figure out which counterparties don’t have email authentication set up as DMARC records are publicly available.
Email attacks continue to cause sleepless nights for IT administrators everywhere. Although many organizations have implemented employee training programs into their security strategy, these programs often are not designed to account for human error. Human error is the main cause for the majority of data breaches, and it can easily occur because employees can become distracted or tired which leads to mistakes being made over email. The assumption that employees can become an effective line of defense after undertaking just a few hours of security training is unrealistic. Security teams need to implement the right technology to support employees without getting in the way of their day-to-day business.
How can machine learning help stop sophisticated email attacks?
Defending against targeted email-borne threats requires superior email security. Legacy tools have not been able to keep pace with evolving email attacks. Rule-based systems may be able to block simple impersonations, but struggle to detect more complex ones. Complex impersonation attacks cause more damage for organizations. It is time for organizations to adopt a more intelligent approach to inbound threats – one that understands historical email relationships and communication patterns, and can therefore, automatically detect anomalies and threats.
Tessian’s stateful machine learning engine learns the difference between normal and abnormal email communications. In real time, Tessian automatically prevents the most advanced forms of spear phishing, accidental data loss and data exfiltration. This ensures that organizations can stay ahead of attackers and protect the data that they hold most dear.
To learn more about how Tessian is helping organizations like Arm keep data safe, talk to one of our experts today.