Virtualization Technology News and Information
Mid-2018 Trend: Ransomware Giving Way to Sophisticated Email-Borne Attacks

Written by Sébastien Gest, Technical Evangelist at Vade Secure  

After a year riddled by ransomware attacks such as Jaff, Locky, WannaCry and Petrwrap in 2017, 2018 is ushering in a new trend of email-borne threats - such as phishing. Whereas in 2017 cyberattacks exploited software vulnerabilities, today they are based on the vulnerabilities of employees' cyber vigilance. It's becoming more and more complicated for employees to detect a phishing attack in their inbox, whether they're warned and aware of cyberattacks or not.

So, is switching your email system to a Cloud solution the answer?

It is estimated that 90 percent of companies will migrate their email systems to a cloud-based solution in 2018. This massive shift to the cloud provides a better guarantee of protection, especially because regular updates limit the risk of security breaches. However, the flip side of this massive migration is the surge of attacks targeting cloud-based email vendors - such as Google and Microsoft.

These new email-borne threats - such as phishing - succeed by posing as the brands and services we use every day (such as Netflix, Amazon, Alibaba, Whole Foods, Verizon and many more), and exploit our obligations as citizens (creating fake tax forms to fill out) and our activity at work (unpaid invoices, domain name renewals, etc.). Unfortunately, they spare no one and affect every type of industry and every size of company.

Less well known than ransomware attacks, phishing campaigns are becoming increasingly sophisticated, more and more realistic and harder to identify. They slip past employees' vigilance and circumvent the traditional protections put in place on the email system. The theft of login credentials on these collaborative platforms opens the door to all company applications and data.

Big names - such as Google and Microsoft - continue to be a goldmine for hackers.

Large cloud-based email vendors allow organizations to bundle login credentials with multiple applications; for example, Office 365 allows users to pair email credentials with other Office Store apps - Word, Exchange, SharePoint, etc. This convenience has encouraged organizations to move more and more confidential information to a large cloud-based server, setting the stage for a surge of phishing attack nightmares for IT.

Given the large amount of confidential information that could be accessed through a single Office 365 or Google account, it's no surprise that email-borne threats continue. Depending on the reach of the attack, hackers have the potential to:

  • Collect the owner's login credentials, financial accounts and other sensitive information, which can later be sold to identity thieves
  • Access an entire company network to monitor and steal corporate information
  • Lock up computers and demand a ransom to restore access to the company network
  • Use the infected company's network to launch attacks outside the company

The media's attention to ransomware has raised awareness of it and reduced its impact on companies.

Hackers, for their part, are well aware that the increased coverage of ransomware in the media has led to new vigilance in companies. Caution toward nightmare cyberattacks has led companies to implement increased protection measures, both by equipping themselves with appropriate solutions (whether in terms of email protection or data backup systems, for example) and by alerting their employees to the detection of threats.

Today, employees think twice before clicking on an attachment ("Think before you click!") and companies are making the choice to restore a backup earlier instead of paying a ransom. These new behaviors make life more difficult for hackers, so they're looking for other, harder-to-detect ways to commit their crimes, hence the upsurge in phishing attacks.

Despite the latest anti-phishing advancements, email is today's primary vector of attack.

Looking towards the second half of 2018, companies will need to set their sights on more sophisticated ways to protect their employees from email-borne threats. The important thing is to have a solution that allows blocking of not just known threats, but also unknown threats, and therefore have protection against zero-day attacks (attacks that exploit weaknesses that have not yet been revealed and documented). Guarding against data leakage also means having a solution for email protection that provides an analysis of links present in the emails, including the moment when they are clicked (anti-phishing), or proposing specific protection against identity theft and data theft (anti-spear phishing).

A specialized solution must be fully aligned with this strategy, while letting you add a complementary layer of security to protect your email system. According to Gartner, by 2020, 50% of Office 365 clients will be relying on third-party applications to enhance the security of their email. To remain vigilant on the cloud, companies will need to opt for an additional layer of security that can detect new sophisticated attacks, including those on Office 365.


About the Author


With experience in the telecoms and startup worlds, Sébastien Gest is a co-board member of MAAWG, and is a Technical Evangelist at Vade Secure.

Published Tuesday, July 03, 2018 8:56 AM by David Marshall