Several large institutions, such as banks, hospitals, large service providers, and state services, have been victims of various cyberattacks. The most successful of these events were phishing scams, where the attacker made use of a mix of social engineering with advanced email spam and malware distribution techniques to collect information.
This can be anything from passwords to tax information, or other sensitive data used to validate payment transactions or transfers. If phishing starts to become targeted enough that people begin singling out individuals and groups for a very large profit, the consequences could be dire.
Today phishing is used to deploy malware, and the potential damage to its target can be significantly greater with the malware acting as ransomware and spreading across the network.
How can we strengthen current email protection systems?
What is the best course of action when you are looking for advanced email protection that can protect against potential phishing and ransomware attacks?
Nowadays, most solutions contain only conventional spam filters, which stop most attacks but not all. A conventional spam filter scores and weeds out emails based on recognizable waves of unwanted email, correlating IP address and domain age.
To bypass these traditional filtering methods, attackers maintain a substantial number of lookalike domains to perpetrate targeted phishing attacks. In addition to these filters, it is common to use the SPF, DKIM and DMARC protocols, which are very useful in preventing large-scale identity phishing. Nevertheless, they were built for general message authentication, not to weed out targeted attacks that take time to set up and employ.
To stop the typical workaround of using lookalike domains that pass a conventional spam filter, it is imperative to add phishing filters. These dedicated filters should be added to the existing filters, since they are able to detect “lookalike” domains, spoofed “header from” email addresses, and even “reply-to” addresses that do not match a seemingly legitimate “header from” address.
The key feature of phishing filters is the recognition and prevention of emails from suspicious sources, using algorithms that determine similarities between senders and recipients as well as “from” and “to” domains.
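The header checks described above can be sketched as follows. This is an added example, not code from the original article or from AnubisNetworks; the protected domain, the similarity threshold, the digit-swap table and the sample messages are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"example-bank.com"}              # assumption: domains worth imitating
CONFUSABLES = str.maketrans("0135", "oles")   # common digit-for-letter swaps

def domain_of(header_value):
    """Lowercased domain of an address header, or '' when absent/unparseable."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_lookalike(domain, threshold=0.85):
    """True when domain imitates a protected domain without belonging to it."""
    if not domain:
        return False
    for p in PROTECTED:
        if domain == p or domain.endswith("." + p):
            return False                      # the real domain or its subdomain
    folded = domain.translate(CONFUSABLES)
    return any(folded == p.translate(CONFUSABLES)
               or SequenceMatcher(None, domain, p).ratio() >= threshold
               for p in PROTECTED)

def phishing_findings(raw_message):
    """Return header-based findings for one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if is_lookalike(from_dom):
        findings.append("lookalike-from-domain")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    if is_lookalike(reply_dom):
        findings.append("lookalike-reply-to-domain")
    return findings

# Constructed sample messages (not real traffic).
SAMPLES = {
    "digit_swap": "From: Example Bank <support@examp1e-bank.com>\nSubject: Verify\n\nHi",
    "reply_to": ("From: support@example-bank.com\n"
                 "Reply-To: billing@mail-collect.example.net\nSubject: Invoice\n\nHi"),
    "legit": "From: news@mail.example-bank.com\nSubject: Statement\n\nHi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, phishing_findings(raw))
```

A reply-to mismatch on its own is common in legitimate mailing-list and ticketing traffic, so a filter would normally treat it as one scoring signal rather than a verdict.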
Another aspect to consider with phishing email scams is the sophisticated malware present on attached files. This malware is usually attached to media files (Microsoft Word documents, PDFs, audio files, etc.), and can be found in malicious download links. The software gets installed on a victim’s machine without their knowledge, posing a threat to any organization.
For this growing type of attack, it is important to use Automated Malware Analysis, which combines dynamic and static analysis of malicious files as well as malicious URLs. This system prevents data collection from, for instance, a bank worker who fell victim to a phishing attack that aimed to install software and steal information from the bank's customers.
The next generation of email security platforms will have to go beyond conventional spam filters to outmaneuver phishing scams. To achieve this, it is essential to employ several key vectors: conventional spam filter, modern phishing filters, and automated malware analysis.
Author: Miguel Caldeira
Miguel Caldeira is a Software Engineer at AnubisNetworks with degrees in Master, Electronics, and Telecommunications Engineering. He started at GMV as a Software Engineer on aeronautics security projects. He then joined AnubisNetworks, where he has worked on email security solutions.