The prevalence of email (addresses, services, checking behaviours) has made it a key vector for hackers, attackers, and others devoted to maleficence. There are many varieties of bad email:
– spam – unwanted email messages, normally carrying a commercial offer. Annoying and productivity draining at best; may carry other nefarious payloads at worst.
– phishing – an email message pretending to be something it is not, with the intent of capturing a user account for subsequent actions. Phishing is a key method of account compromise.
– whaling / CEO fraud / spear-phishing – a highly targeted email message sent to a specific individual (normally high ranking with special financial authorisations) requesting a specific action that sounds highly probable and likely given the (falsified) details in the email.
– privileged account compromise – targeted efforts to get the account credentials for a high-level IT administrator, because once you have the keys to the kingdom, you have the kingdom.
– attachments infected with viruses, ransomware, and malware
– … and many more.
Security vendors provide a range of protections against the many and varied types of attacks:
– anti-spam to filter out unwanted messages, based on certain attributes and qualities.
– reputation services that analyse message characteristics to discern the valid from the invalid.
– signature-based anti-malware services, that compare message and attachment characteristics with known malware signatures.
– detonation chambers to deal with unknown, new, and never-been-seen-before malware variants (zero-day threats). Attachments and linked content are executed in a controlled environment and recursively analysed for fingerprints of badness. If nothing is identified, the message and attachment are deemed safe and passed through to the user.
– domain name checking to see whether the signals about message authenticity align with the domain name represented in the sender details.
– domain name lookalike and sound-alike checks, to see whether the sender is trying to fool you by using a validly registered domain with a good reputation that is nonetheless crafted to resemble your own domain or the domain of a trusted business partner, such as michaelsampson.net versus michealsampson.net, michae1sampson.net, m1chaelsampson.net or michaelsampsn.net. If you don’t look closely enough, you’ll miss the false pretence.
– wider industry standards for email reputation and authentication, which shrink the space of valid-looking messages and so force forged mail to produce signals that do not line up with the rest of the message.
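As an added illustration of the lookalike check described above (example code written for this page, not a vendor's product), the function below normalises digit-for-letter substitutions and then measures edit distance, including adjacent transpositions, against a trusted domain list. The trusted list, the confusable map and the distance threshold are assumptions chosen for the example.

```python
import re
from typing import Optional

# Digits attackers commonly swap in for look-alike letters (constructed map, not exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})

# Domains this check protects; the page's own example domain is used here.
TRUSTED_DOMAINS = {"michaelsampson.net"}

def normalise(domain: str) -> str:
    """Lower-case the domain and map digit look-alikes back to the letters they imitate."""
    return domain.strip().lower().translate(CONFUSABLES)

def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions, substitutions and adjacent
    transpositions, so 'micheal' is distance 1 from 'michael'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def sender_domain(address: str) -> str:
    """Pull the domain out of a From header value such as 'Name <user@example.net>'."""
    m = re.search(r"@([A-Za-z0-9.\-]+)>?\s*$", address)
    return m.group(1) if m else ""

def lookalike_verdict(address: str, trusted=TRUSTED_DOMAINS,
                      max_distance: int = 2) -> Optional[str]:
    """Return None for an exact trusted domain or an unrelated one; otherwise return
    the trusted domain the sender appears to be imitating (assumed threshold of 2 edits)."""
    domain = sender_domain(address)
    if domain in trusted:
        return None
    norm = normalise(domain)
    for t in trusted:
        if norm == t or damerau_levenshtein(norm, t) <= max_distance:
            return t
    return None
```

A flagged verdict is a signal for quarantine or a warning banner rather than proof of fraud, since short legitimate domains can also sit within two edits of each other.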
For every program manager, product manager and software engineer focused on making productivity-enhancing tools, there are at least as many focused on safeguarding that productivity through security tools.