Research after research report confirms the biggest cybersecurity threat organizations face is malware delivered via email. The 2019 Verizon Data Breach Investigations Report (DBIR) found that 94% of malware for the average company was received through the email threat vector. Additionally, they found 45% of malware was delivered via email attachment (i.e. Microsoft Office macros).
The good news is many organizations have begun to recognize this and invest in more thorough measures to protect their end-users. However, the bad news is many of these measures still allow end-users to remain vulnerable to potential attacks. Especially those that are link and attachment-based.
VIPRE Security knows there are effective steps a business can take to protect its most vulnerable threat vector. While most advanced email security solutions will protect against basic level spam attacks, we implore admins to take their email security measures a step further.
Protect Against Link-Based Attacks
One of the first actions, which should be standard throughout all email security implementations, is protecting against link-based attacks with a solution that offers URL protection.
Threat actors can easily weaponize links in various manners to bypass standard email security procedures. They can easily delay the weaponization of links where they use shortened URLs and/or simple URL redirects to deliver malicious payloads. They will wait until an email is sent and most likely through filtering solutions to then redirect the link to the malicious URL. If a link doesn’t appear malicious upon an initial scan, it will probably be delivered to an inbox if it meets all other criteria.
Link-based phishing attacks are extremely common and have worked for threat actors with very favorable outcomes. Within the past year there have been numerous successful ransomware attacks on municipal governments. These strikes were able to extort millions of dollars in either successful ransoms or even larger sums that were required for the governments to recover on their own, all which stemmed from link-based attacks making it through their security measures. Considering this, URL protection within an email security solution is essential.
A good URL protection solution will guard against link-based URL attacks which are the leading cause of ransomware delivered via email. These cybersecurity solutions will protect end-users by ensuring that a malicious URL cannot become weaponized and redirect to harmful websites or download malicious files.
Defend Your Organization from Malicious Attachments
Malicious attachments are one of the most overlooked causes of advanced, polymorphic malware attacks. Quite often attachments are rarely ever evaluated for malicious properties by basic email security measures. They require a completely different approach to stop this pervasive threat.
An attachment, such as a Microsoft Office document, can have macros embedded within them that will take advantage of VBA (Visual Basic for Applications) programming in Office files. Once the document is opened by an unknowing end-user, malware coded into the VBA will begin to infect all files that are opened using Microsoft Office.
Attachment sandboxing solutions prevent the propagation of malicious attacks that could easily bypass simple email security methodologies. These advanced measures take each individual email message that contains an attachment and examines the file by itself. It extracts the attachments from the message and then places it in a virtual, contained environment (the “sandbox”). Once in the sandbox it will be opened to catch any malicious activity or attempts to download additional components that could also perform nefarious activities.
Act Before It Is Too Late
There are no signs of email-based ransomware attacks slowing down any time soon. Ransomware accounted for nearly 24% of all malware incidents in 2018 (Verizon DBIR). Additionally, IBM security researchers have discovered that the probability of an organization experiencing a data security event within the next two years is almost 30%.
If organizations fail to implement the proper measures, they will be left footing extremely expensive bills to recover or pay a ransom. Do not be mistaken though, many organizations have begun to take action with end-user training designed to test and educate in the identification of malicious emails. While this can be partially effective, this fails in one key area. It places the responsibility of cybersecurity on the end-user who is not a trained professional. The best policy is to make sure an end-user never can click on a malicious link or attachment through the implementation of proper email security measures.