Email-Borne Attacks Have Evolved – Has Your Security?
Email continues to be the number one threat to organizations around the world
Why? Because it’s easy for attackers and hard for you.
According to the latest Verizon Data Breach Report, email breaches have increased to account for 96% of incidents organizations face. Your organization relies on email to be continuously available and accessible, and your users can be too eager to unconsciously help attackers with the simple click of a button. The problem is, attackers have become much smarter over the years and have been continuously honing their email phishing tactics against organizations like yours.
While the Nigerian prince or 419 scams are often thought of as a benchmark for everyday scams, it hasn’t been for years. It’s important to understand that attackers have evolved and thus the security systems organizations use to protect their users and their businesses need to evolve as well. The importance of using a versatile solution is crucial to avoid the next email from being the one to infiltrate your company.
Enter Mimecast’s Targeted Threat Protection; a suite of cloud-delivered services that has grown over the years to combat the very real, very sophisticated, attacks that are becoming increasingly prevalent. As recently described in our press release, Mimecast has just announced several new security controls to address where attackers are going.
Targeted Threat Protection – Impersonation and URL Protect Enhancements
As organizations identify the ways they are being targeted, attackers have found traditional attacks of spoofing domains or registering lookalike domains (i.e. Mirnecast.com instead of Mimecast.com where the “rn” looks like an “m”) are increasingly being caught by advanced security solutions. Attackers are now evolving their methods. In a recent blog post - Phishing with Unicode Domains - a security researcher by the name of Xudong Zheng has highlighted a gap in the rendering of non-western character sets in many browsers and email clients.
Punycode can be used to register domains using foreign characters, which can result in Latin characters appearing in their place, thereby potentially tricking users into thinking they’re on a website they’re not actually on or have received an email from someone who isn’t who they thought. Mimecast has added inspection across various character sets to detect domain similarities to prevent the use of Punycode and other non-western character sets in both its Targeted Threat Protection URL and Impersonation Protect products.
Supply Chain Impersonation
Mimecast’s Anti-Spoofing and DNS Authentication policies have been protecting customers from attackers attempting to spoof domains both that they own and do not own. Mimecast’s Impersonation Protect was developed to help customers protect against attackers using their own domains against them in a variety of ways. Now, Mimecast’s Supply Chain Impersonation protection has been added to Impersonation Protect to prevent attackers from exploiting the trust organizations have with their external business partners.
Organizations can now create a list of external domains they commonly communicate with and Mimecast will scan specifically for attackers attempting to use these domains against them. For example, your company works with adamsaccounting.com - if an attacker attempts to email you from a similar domain, such as adarnsaccounting.com, Mimecast will identify it, block it, and notify you immediately. Additionally, Mimecast maintains a list of commonly exploited domains, such as Google and eBay, to ensure customers are protected from spoofing of well-known internet brands.
Targeted Threat Protection – Internal Email Protect Enhancements
Attackers are continuously developing new tools, new malware, and new methods to evade detection. Mimecast’s Internal Email Protect previously had extended Mimecast’s inbound security capability to monitor and analyze internally generated emails for customers, while automatically removing emails containing malicious URLs, attachments, or sensitive content. To achieve true cyber resilience, the ability to perform remediation is necessary to ensure that any threats previously undetected can be identified and removed post-delivery.
Mimecast’s global threat monitoring service has been expanded to maintain a hash of all files sent inbound, outbound, and internally, and continuously monitor and re-check the status of all files going forward. If a previously delivered file is later identified as being potentially malicious, Mimecast will quickly alert and update administrators, automatically or manually remediate the malware, as well as log the incident actions immediately thereby neutralizing any further spread of an attack.
In our most recent Email Security Risk Assessment, we reported on the threats that might be slipping through your incumbent email security system. With these enhanced features to Secure Email Gateway with Targeted Threat Protection, we could spot nearly 15 million emails that should have never have made it to your inbox.
Stop by booth 554 at Cyber Security Chicago or join Mike Shine, Manager, Systems Engineering, at 1 p.m. on Thursday, Sept. 27, 2018 demonstrating "The Anatomy of an Email Borne Attack," where Mimecast will paint the current threat landscape for email-borne attacks and demonstrate an actual live email based 'hack' in real time.