Cybercriminals are targeting your emails in these 3 ways

Published June 26, 2023
Author: Ash Khan

To keep their emails safe, businesses must stay ahead of the strategies of cybercriminals. These strategies include rogue software, social engineering, and other threats.

When it came to securing employees and their email use, things were a lot easier not long ago. Every business ran its own data centre, and most workers spent their days in an office. SaaS had been available for a while, but the ability to access it from anywhere, at any time and on any device was still limited.

Fast forward to now, and most businesses use a hosted email system such as Microsoft 365 or Google Workspace. Many employees are working from home, and the adoption of SaaS appears to be increasing year after year.

Unfortunately, email remains a very risky method of communication. Cybercriminals are fully aware of this, and they use email assaults to great effect.

Attackers, like email marketers, can send out millions of emails for pennies, and they need only a small percentage of their targets to fall for the attack to make hundreds of dollars. Unfortunately, there is almost no risk for hackers in launching these attacks, and the attacks are becoming more sophisticated by the day. Here are a few new ways they are reaching your users.

Advanced Inbound Email Attacks

Inbound email attacks are becoming increasingly sophisticated, and it’s not just fictitious CEOs requesting gift cards. Many of the technologies we are all acquainted with are being used by cybercriminals for malicious ends. As an example:

  • ChatGPT can assist fraudsters in creating high-quality emails that deceive workers.
  • Grammarly removes numerous grammar errors and misspellings that might alert email users to potential scam mailings.
  • LinkedIn is used to target new workers who are inexperienced with your security standards or to mimic team members more successfully.

Consider the following real-world example.

Attack Example: Email Report Theft in Italian

In this attack, an impersonated company executive requests a list of all outstanding payments, including overdue amounts, for all clients. The email is written in Italian so that it blends in with the company's other business correspondence.

The email was sent from a hacked email account at a firm unconnected to either the target company or the person being impersonated. The display name was faked to match the impersonated employee's name. Because the attack was purely text-based, with no malware or other suspicious content, a secure email gateway has nothing to go on to detect its malicious purpose.

If the victim believes the phony email and provides the information, the attacker now has a list of other customers and people to target. The attacker can also use social engineering to find out exactly how much each customer owes and what is outstanding, which gives the sender greater credibility and trust with the next victim.


Increased vendor targeting and impersonation

The second reason things are becoming more difficult is that cybercriminals are moving away from impersonating your executives. Instead, they pose as your providers or as the third-party solutions used within your company.

These cybercriminals know which technology is in use inside your organisation. They recognise that those solutions typically generate many emails because of the back-and-forth of password resets and upgrades, and they expertly imitate those messages so that they look like the real emails a user would expect, which makes the attack hard to spot.

Attack Example: Compromised Vendor with Hijacked Thread

The original email was sent in the name of the head of finance at one of the targeted company's external distribution partners. It asked the recipient to provide a list of outstanding debts owed to the partner and stated that, because of an audit of the account, the partner's previous bank details should be ignored. It also offered a 5% discount for payment before the end of the day. The address shown as the message's origin appeared to be a hacked external account unrelated to the impersonated partner.

However, the Reply-To address pointed to an account set up with a provider of free encrypted email services, and the attacker BCC'd all recipients rather than listing them in the standard "To" field, concealing the full set of targets. The message was plain text with no sign of infection, so a secure email gateway had little to go on to detect malicious intent, and because it came from a genuine account there were no clear indicators that its origin was malicious.

It is not unusual to find a vendor that has been hacked. The attackers get in, search through the mailbox folders, locate emails and threads, and decide who their targets should be. They then copy the email message, register a lookalike domain, paste the message into a new email and send it back to the original recipients.

Implementation of Third-Party Applications and Integrations

Unfortunately, it is no longer merely a matter of incoming email. Cybercriminals are omnichannel, and they are discovering new ways into your email infrastructure. Recently the emphasis has been on third-party apps: attackers use social engineering to persuade a user to install what looks like a genuine application, which gives them near-instant visibility into what is going on in the inbox.

Access Compromise using a Third-Party App

In February 2020, attackers created an Azure application with email access inside the M365 tenant of News Corp, which owns The Wall Street Journal and The New York Post. Once deployed in the environment, the app showed no discernible adverse effects, yet it regularly sent records of searches and emails to the attacker's server for two years before it was discovered.

Corporations frequently integrate hundreds or thousands of third-party apps into their Google or Microsoft environment. These apps are appealing to attackers because they remove the need to hack email accounts or create fake ones.
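The practical defensive step this passage implies is to inventory which consented apps can actually read or send mail, and to compare that inventory against a baseline so a newly consented app with mailbox access stands out. The following is an added example written for this article, not code from the original post or from Microsoft; the record shapes follow the fields of Microsoft Graph oauth2PermissionGrant and servicePrincipal objects (clientId, consentType, scope; id, appDisplayName, verifiedPublisher), but the records themselves are constructed rather than fetched from a tenant, and the severity rules are this example's own.

```python
"""Audit of third-party app consents that grant mailbox access.

Added example (not from the original article). Record shapes follow Microsoft
Graph oauth2PermissionGrant / servicePrincipal fields; the data is constructed.
"""
from dataclasses import dataclass

# Delegated Microsoft Graph scopes that let an app read, change or send mail.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Read.Shared",
               "Mail.ReadWrite.Shared", "Mail.Send", "MailboxSettings.ReadWrite"}


@dataclass
class Finding:
    app: str
    severity: str
    reasons: list[str]


def audit_mail_grants(grants: list[dict], service_principals: list[dict]) -> list[Finding]:
    """Flag every consent grant that gives an app access to mailboxes."""
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        scopes = set(g.get("scope", "").split())
        mail = sorted(scopes & MAIL_SCOPES)
        if not mail:
            continue                      # no mailbox access: out of scope here
        sp = sp_by_id.get(g["clientId"], {})
        tenant_wide = g.get("consentType") == "AllPrincipals"   # admin consent for all users
        persistent = "offline_access" in scopes                  # refresh tokens issued
        unverified = not (sp.get("verifiedPublisher") or {}).get("displayName")

        reasons = [f"mail scopes: {', '.join(mail)}"]
        if tenant_wide:
            reasons.append("admin consent covers every user in the tenant")
        if persistent:
            reasons.append("refresh tokens: access persists without the user signing in")
        if unverified:
            reasons.append("publisher not verified")
        # Example severity rule (assumption): tenant-wide mail access, or persistent
        # access by an unverified publisher, is treated as high.
        severity = "high" if tenant_wide or (persistent and unverified) else "medium"
        findings.append(Finding(sp.get("appDisplayName", g["clientId"]), severity, reasons))
    return findings


def not_in_baseline(findings: list[Finding], baseline: set[str]) -> list[str]:
    """Names of flagged apps that were not in the previously reviewed baseline."""
    return [f.app for f in findings if f.app not in baseline]


# Constructed records (shape only follows Graph; ids and names are invented).
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "appDisplayName": "Inbox Helper", "verifiedPublisher": None},
    {"id": "sp-2", "appDisplayName": "CRM Connector",
     "verifiedPublisher": {"displayName": "CRM Vendor Ltd"}},
    {"id": "sp-3", "appDisplayName": "Timesheets",
     "verifiedPublisher": {"displayName": "HR Tools Inc"}},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-42",
     "scope": "User.Read Mail.Read offline_access"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Mail.ReadWrite Calendars.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "User.Read"},
]

if __name__ == "__main__":
    for f in audit_mail_grants(GRANTS, SERVICE_PRINCIPALS):
        print(f.severity.upper(), f.app, "|", "; ".join(f.reasons))
    print("new since baseline:", not_in_baseline(audit_mail_grants(GRANTS, SERVICE_PRINCIPALS),
                                                 {"CRM Connector"}))
```

The combination that matches the incident described above is a user-consented app with a mail scope plus `offline_access`: it looks harmless on the day it is installed, yet the refresh token lets it keep pulling mailbox data long after that user's session has ended, which is why the example ranks it alongside tenant-wide admin consent.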

Preventing Modern Email Attacks

Despite these significant real-world examples, the news isn't all bad. The fact is that email remains the universal common denominator: every organisation, large or small, uses it. We cannot eliminate email as a medium, but we can take steps to prevent current email threats.

When discussing current email attacks, we must think of cloud email security as extending beyond the message itself. To combat both inbound email attacks that come through the front door and third-party application attacks that enter through side doors in our email infrastructure, we must take a comprehensive approach to cloud email security.

This calls for a new kind of solution, one that understands the people, providers and apps in your ecosystem and can baseline regular behaviour in order to discover unusual activity. Traditional methods of identifying attacks by looking for known bad signatures no longer work; it is time to learn new techniques.