Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both business-to-business and business-to-consumer. It’s used for account activation, service registration, password resets, invoicing, purchase verification, opt-in confirmations, loyalty clubs, and identity verification.

Adding to risk factors is the fact that a record number of employees are working from home. This is an environment where workers are more distracted and using less-secure networks and hardware. This is why it’s so critical to verify that the emails that land in your inbox are trustworthy and safe.

Phishing attacks are increasingly mutating fast, shifting tactics and lures constantly. One campaign hijacks the World Health Organization’s identity and offers dubious tips and dangerous links to COVID-19 resources. A message from an unknown sender appears as a personal note from one of your friends. Emails from “your CEO” ask for gift card donations to a charity. “Urgent” invoices from trusted “business partners” contain misleading bank information for wire transfers.

The problem is that attackers have learned how to get through email security at all three defensive layers currently in use by most organizations: the gateway, the mail client, and the end-user.

Attackers evade the secure email gateway by outsmarting AI/ML engines:

- Creating a gap in human perception and machine perception.
- Deploying agile, rapidly evolving campaigns to evade predictive modeling.
- Leveraging identity deception to avoid filtering technologies.

They evade the mail client by defeating blocklists and spam filters:

- Using infinite permutations of bogus domains and spurious contact identities.
- Continuously rotating IP addresses globally.
- Launching campaigns with such frequency and scale that deny lists can’t possibly stay up to date.

And finally, they bypass the last line of defense – humans – by deceiving end-users:

- Exploiting the human tendency to act and react emotionally, especially to false urgency.
- Continuous development of new tactics to stay ahead of training and simulations.
- Playing the odds at scale to take advantage of the fact that humans are error-prone.

Unfortunately, despite the advances in artificial intelligence and machine learning (AI/ML), defensive strategies have not been able to keep up. Such AI/ML techniques simply aren’t suited to deal with a rapidly mutating attack profile. The proof is in the results: Phishing attacks of just one type - the business email compromise (BEC) - have caused at least $26 billion in losses in the past five years alone, according to the FBI.

The Heart of the Problem

Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks. A comparable percentage is malwareless: They do not contain attachments or files that would ordinarily set off malware-scanning alarms. These emails’ lack of identifiably malicious content means they can easily bypass most current email defenses. Meanwhile, the phishers use automation to iterate their attacks with extreme rapidity. According to Google, 68% of phishing attempts have never been seen before, and the average phishing campaign lasts only 12 minutes.

In fact, there are three types of identity-based attacks, each of which exploits a unique vulnerability in content-centric email defenses:

- Domain-spoofing attacks: Emails that directly impersonate a trusted sender by putting their domain in the “From” field of a message.
- Untrusted-domain attacks (aka domain impersonation): Emails that are sent from slightly altered “lookalike” or “cousin” domains.
- Open-signup attacks (aka user impersonation or friendly-from): Emails that show a legitimate sender name in the “friendly from” field but are sent from an account created on a free consumer webmail service like Gmail or Yahoo.

To protect themselves against this new generation of attack, organizations need to deploy an additional line of defense: Validating sender identity. To be effective, sender identity solutions will need to address all three types of identity-based attacks.

Domain-spoofing can be curtailed with an effective DMARC enforcement policy for all domains that your organization owns. It is also important to implement DMARC checking on all inbound mail (usually an easily accessible option for most mail gateways).