
March 24, 2017

If you think DMARC (Domain-based Message Authentication, Reporting & Conformance) is the solution to defend against email spoofing, impersonation or business email compromise attacks, you would be only partially correct. It helps, but it doesn’t by itself solve the entire problem.

Overall, these social-engineering-heavy, impersonation-type email attacks have become a key go-to method for cybercriminals, helping them reap, by some estimates, billions of dollars of ill-gotten gains every year. Why are attackers so focused on these types of attacks? It is simple: the returns are good, the cost of entry is low, technical innovation isn’t needed, and the risk of getting caught is negligible.

DMARC, when used in conjunction with the other DNS-based email authentication standards, DKIM and SPF, can help stop attackers from spoofing or hijacking the email domains of trusted senders, effectively taking away one method attackers use to fool their intended victims. Unfortunately, many organizations don’t support these security standards in their email system deployments; a study recently released by the FTC confirmed this. However, using these email security standards alone will not sufficiently defend your organization from the full variety of malware-less impersonation attacks. Why not?

Unfortunately, attackers are creative. One way around DMARC/DKIM/SPF-oriented security controls is to register and use valid domains which are similar to, but not exactly the same as, your domain or the domain of one of your trusted partners or customers. For example, using Mirnecast.com instead of the proper Mimecast.com as the sending domain for an attack against Mimecast or someone expecting an email from Mimecast. Notice the difference: rn vs. m?

Mirnecast.com is a perfectly valid domain. The fact that it is quite similar to Mimecast.com is not an issue for email routing on the Internet, but it is a big problem for a person who gives the sending domain only a cursory glance and has no automated email security controls in place.

And, of course, there is nothing DMARC can do to stop attackers who use free mail accounts to launch their attacks. Most organizations can’t broadly block emails from Gmail, Yahoo, or Hotmail because those services are the source of many legitimate emails.

The best solution for protecting your organization from an email impersonation attack is to combine the use of DMARC, DKIM and SPF with Mimecast’s Targeted Threat Protection – Impersonation Protect, so inbound messages can be analyzed to determine their validity before being delivered to the users’ inbox. Inspecting the content of the email for keywords (wire transfer, W-2, credit card, etc.), in combination with the validity and newness of the sending domain and the accuracy of the display and reply-to name, and in conjunction with DMARC and its family of email security standards, can provide a strong defense against malware-less, email-borne impersonation attacks.
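As an added example (not Mimecast’s product code), the following Python sketches the checks the post describes for lookalike domains and for Impersonation Protect-style heuristics: folding rn/m-style confusables so Mirnecast.com resolves to Mimecast.com, catching one-character typosquats, and flagging display-name, reply-to and keyword indicators. The confusables table, the trusted-domain set and the sample messages are constructed assumptions.

```python
from email.utils import parseaddr

# Added example, not Mimecast code. Constructed: a tiny confusables table,
# one trusted domain, and the keyword list named in the post.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}
TRUSTED_DOMAINS = {"mimecast.com"}
RISKY_KEYWORDS = ("wire transfer", "w-2", "credit card")

def normalize(domain):
    """Fold visually confusable sequences so 'mirnecast.com' -> 'mimecast.com'."""
    d = domain.lower()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Trusted domain that `domain` resembles; None if exactly trusted or unrelated."""
    if domain.lower() in TRUSTED_DOMAINS:
        return None  # exact match: that is what DMARC/DKIM/SPF are for
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted) or edit_distance(domain.lower(), trusted) <= 1:
            return trusted
    return None

def impersonation_flags(msg):
    """Indicators from the post for a message dict with from/reply-to/subject/body."""
    name, addr = parseaddr(msg["from"])
    from_dom = addr.rsplit("@", 1)[-1].lower()
    flags = []
    target = lookalike_of(from_dom)
    if target:
        flags.append(f"lookalike: {from_dom} resembles {target}")
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if from_dom not in TRUSTED_DOMAINS and any(b in name.lower() for b in brands):
        flags.append(f"display name '{name}' claims a trusted brand")
    _, reply = parseaddr(msg.get("reply-to", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != from_dom:
        flags.append("reply-to domain differs from sender domain")
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
    flags += [f"keyword: {k}" for k in RISKY_KEYWORDS if k in text]
    return flags
```

Note that Mirnecast.com is two edits away from Mimecast.com, so the edit-distance check alone would miss it; the confusables fold is what catches the rn/m swap.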

Unfortunately, most organizations have not adopted these types of sophisticated email security controls, whether at the domain registry level or at the individual mail inspection level. However, as more businesses adopt email security technologies such as DMARC/DKIM/SPF, the level of protection will increase for everyone on the Internet. Adding DMARC to Mimecast’s security portfolio helps our customers better protect their email domains as well as filter and flag any unauthenticated senders, which leads to improved security for all Mimecast customers.

To learn more about Mimecast’s DMARC implementation in particular and DNS authentication policies in general, please check out this document in the Mimecaster Central community.


Top Moments at RSA Conference 2017

by Jamie Laliberte Whalen - Sr. Manager, Digital Content and Social Media

February 28, 2017

Our promise to the industry was to engage, educate and provide valuable insight into major cybersecurity issues facing organizations around the world. 

Here is a small recap of what happened at RSA Conference, so you can feel like you were able to attend:

Moment 1: ‘Cyber Resilience Think Tank’ at the San Francisco NASDAQ Center

The Mimecast team hosted a great event at the San Francisco NASDAQ Center for an early morning ‘Think Tank’ led by Mimecast’s CTO, Neil Murray, and moderated by Venable’s CEO, Ari Schwartz. Security thought leaders from various industries joined in one room to network and share the challenges organizations face today with cyber resilience. As organizations work to adopt a more cyber-resilient strategy, there was consensus among the peers in the room that the diversity of the attack must equal the diversity of the defense.


Moment 2: Dark Reading Interview with Bob Adams

Lights, camera, action! What a moment for our very own senior cybersecurity strategist, Bob Adams, who was in front of the camera for an interview with Dark Reading. Bob highlighted the latest security gaps with internal email and the proposed solution, which Mimecast launched at the start of the show. He also discussed how to gain valuable insight into the attacks being missed by many incumbent email security solutions. Interested in watching? Click on the image below to watch the full interview.


Moment 3: Live Hacks at the Mimecast Booth

Full house, no problem. Security experts Bob Adams, Julian Martin, and Matthew Gardiner demonstrated onsite ‘LIVE HACKS.’ The gist of the hacks covered social engineering attacks, phishing attacks and the ease with which a hacker can use email as a primary hacking mechanism to own the target’s system, gain bank information and take over someone’s video camera without them knowing. You can view the live Periscope video below if you would like to take a look for yourself.


Moment 4: Insights into the Latest Cyber Threats Plaguing Email

Who doesn’t like working on solving problems with clients? At the event, we got to meet with many customers and new prospects. Thank you to everyone who stopped by the booth. We were able to share the latest email security threats we see organizations face daily. This included 421 unknown malware threats, all of which were missed by a number of incumbent email security solutions. Check out a summary of these threats in our latest Email Security Risk Assessment infographic, which we had posted in the booth, here.


Related Content:

Mimecast Events Page


Introducing Mimecast Internal Email Protect

by Matthew Gardiner - Sr. Product Marketing Manager

February 13, 2017

If you equate internal threats with just malicious insiders, you need to read on. When thinking of the people behind internal threats, you need to be concerned about three profiles, not just one:

1. Compromised Insiders: These employees have had their accounts or systems taken over by an external attacker through credential harvesting, phishing or the installation of various forms of malware. While many of these takeovers are initiated via email, web drive-bys, botnets, and other modes of entry can also be the source of the compromise.
2. Careless Insiders: There are also employees at every organization who ignore or simply don’t fully understand the organization’s security policies and rules. We call these folks Careless Insiders. While ignoring security policies is not done with malicious intent, the actions – such as sending sensitive information insecurely or to the wrong people – can put the organization at greater risk of sensitive data leakage or attack.
3. Malicious Insiders: And last but not least are the Malicious Insiders. Though not common, malicious insiders do exist, and when they strike they can cause significant damage. These rogue employees intend either to profit personally from or to do damage to the organization by stealing, leaking or compromising confidential data or systems.

So, which one is the real problem? Unfortunately, the answer is all of them! In a recently published survey and report from Forrester, respondents were asked whether their organizations had had security incidents from each of the three types of insiders over the last 24 months. The answers were sobering: 63%, 57%, and 41% respectively had incidents from Compromised, Careless, and Malicious insiders. Clearly, internal threats are really threatening and not as rare as one might hope.

To more fully address the security threats represented by each of these internal threat profiles, Mimecast recently announced the latest addition to our Mimecast Targeted Threat Protection security service: Internal Email Protect. Internal Email Protect provides scanning of attachments and URLs in internal-to-internal emails, as well as content filtering enforced by Data Leak Prevention services. It also includes the ability to automatically delete infected emails and attachments from employees’ inboxes. In addition, so that your organization doesn’t become an attack stepping stone to one of your partners or customers, Internal Email Protect also adds scanning of attachments and URLs in your outbound emails. Even more exciting, Mimecast is the only cloud-based email security service that has this capability!

Unfortunately, internal threats are a fact of business life. But by adding Internal Email Protect to your implementation of Mimecast Targeted Threat Protection, you can reduce the risk that your organization will be negatively impacted by them.

View our Internal Email Protect Press Release here.
