How Three of 2018’s Critical Threats Used Email to Execute Attacks

History Tends to Repeat Itself – Attackers Repurpose Tried and Tested Methods to Launch Attacks

Research by The Radicati Group shows that email remains the most ubiquitous form of business communications, with the total number of business and consumer emails sent and received per day reaching 280 billion in 2018 and projected to grow to over 333 billion by the end of 2022. It should come as no surprise then that email remains the number one vector used by threat actors to launch attacks. Two of the top three types of incidents the nearly 3,000 participants in the Cisco 2019 CISO Benchmark Study report facing last year were due to issues with email security: malicious spam and phishing. If you look back at 2018, you’ll find threats like Emotet and cryptomining used email as the preferred delivery method. It’s also highly likely that other threats, such as unauthorized Mobile Device Management (MDM) profiles, used email as well. 

We all know that history tends to repeat itself and that attackers repurpose tried and tested methods to launch attacks, which is why one of the keys to creating a safer future is to study the past. Let’s look at how these three types of attacks unfold so that we can protect ourselves more effectively.

1. Emotet. Starting out as a banking trojan, Emotet used invoice- or payment-themed spam emails to deliver malware. Typically, the malware was attached as a document or file or included in the email as a malicious link. Emotet has since transformed into a modular platform, capable of carrying out a variety of attacks via email. It offers tools for a range of functions including stealing email credentials, stealing user names and passwords stored in browsers, providing distributed denial-of-service (DDoS) capabilities, and distributing malware. Particularly concerning, the group behind Emotet is now cooperating with other groups, allowing them to use the platform to deliver other trojans and ransomware. Emotet infections can cost up to $1 million per incident to remediate, according to US-CERT, and there appears to be no end to the ways in which it can use email to wreak havoc on a widening swath of unsuspecting organizations.

2. Cryptomining. Here, the objective is to steal computing power to mine cryptocurrencies and generate revenue. One of the ways cryptomining software gets into an environment is through spam emails with malicious attachments. Users are tricked into downloading the software onto their devices where it continues to run in the background without the owner’s knowledge. Cryptomining software can slow down system performance and increase power costs, which can quickly add up when multiplied over the number of endpoints in an organization. Cryptomining can also have regulatory implications for sectors such as financial services, where strict rules apply to revenue generated using corporate resources. Also worrisome for security professionals are the other types of threats the organization may be exposed to if other attackers exploit the same security vulnerabilities. Even though the value of cryptocurrencies has been dropping, cryptomining will continue to be a threat because it provides recurring revenue at relatively little risk and overhead to the threat actor.

3. Unauthorized MDM profiles. While this threat is only just emerging, we are seeing examples of devices that use open source MDM systems being compromised. The attackers manage to get malicious profiles onto the devices and push out applications with the purpose of intercepting data, stealing SMS messages, downloading photos and contacts, and tracking the location of the devices, among other things. One of the ways devices may be subjected to the attack could be through a malicious email designed to fool the user into thinking they are required to install a profile that is actually bogus. Fortunately, these attacks require that the target complete multiple steps, so they are difficult to carry out, but we can expect that threat actors will hone their methods over time.

Understanding the latest attacks and how attackers innovate and operate can help security professionals identify and close gaps in email security. In addition, the following measures can improve protection and mitigate damage:

• Ongoing education on the various types of email threats can help reduce the risk of employees clicking on malicious emails and attachments. 

• Defenses that block bad IP addresses can help protect against malware and phishing. 

• If something does get in, malware protection can detect malicious behavior and stop and remove threats before damage can be done. 

• Segmentation dramatically curtails the ability of threat actors to move across the environment, limiting the spread of destructive activity and helping to keep critical assets safe.
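As an added illustration of the Emotet delivery pattern described above (invoice- or payment-themed spam carrying a document attachment or a malicious link) and of the IP-blocking and malware-screening controls in this list, the Python script below triages a message at the gateway: it pulls the relay IP from the Received header and checks it against a blocklist, flags lure-themed subjects, macro-enabled or executable attachments, and embedded links, then maps the findings to a deliver/review/quarantine decision. This is example code written for this page, not code from the column or from any vendor product; the blocklist range (RFC 5737 documentation space), the lure words, the extension list and both sample messages are constructed assumptions, and a real gateway would feed those lists from threat intelligence.

```python
"""Triage an inbound email for the delivery traits discussed in the column.

Added example, not the column's own code. The blocklist range (RFC 5737
documentation space), lure words, attachment extensions and both sample
messages are constructed for illustration.
"""
import ipaddress
import re
from email import policy
from email.parser import BytesParser

# Constructed blocklist: in practice fed from a reputation or threat-intel service.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Themes the column associates with Emotet spam, plus common variants (assumed list).
LURE_WORDS = ("invoice", "payment", "overdue", "remittance")

# Attachment types commonly used to carry droppers: macro documents, scripts, archives.
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".js", ".vbs", ".exe", ".zip")

RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def relay_ips(msg):
    """IPv4 addresses recorded in Received headers (first header is the last hop)."""
    ips = []
    for header in msg.get_all("Received", []):
        for text in RECEIVED_IP_RE.findall(header):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # malformed address, ignore
    return ips


def is_blocked(ip):
    return any(ip in net for net in BLOCKED_NETWORKS)


def triage(raw_bytes):
    """Return the list of findings for one RFC 5322 message given as bytes."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []

    subject = (msg["Subject"] or "").lower()
    if any(word in subject for word in LURE_WORDS):
        findings.append("lure-theme")

    for ip in relay_ips(msg):
        if is_blocked(ip):
            findings.append(f"blocked-ip:{ip}")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky-attachment:{name}")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        findings.append(f"link:{url}")

    return findings


def verdict(findings):
    """Map findings to a gateway action."""
    if any(f.startswith("blocked-ip:") for f in findings):
        return "quarantine"
    if "lure-theme" in findings and any(f.startswith("risky-attachment:") for f in findings):
        return "quarantine"
    return "review" if findings else "deliver"


# Constructed sample: invoice-themed lure with a macro-enabled attachment and a link,
# relayed from an address inside the constructed blocklist.
LURE_EMAIL = b"""Received: from mail.example.net (mail.example.net [203.0.113.7])
 by mx.example.com with ESMTP id abc123
From: "Accounts Payable" <billing@example.net>
To: user@example.com
Subject: Overdue invoice #4471 - payment required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please review the attached invoice or view it at http://example.net/invoice/4471
--b1
Content-Type: application/octet-stream; name="Invoice_4471.docm"
Content-Disposition: attachment; filename="Invoice_4471.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Constructed benign message for comparison.
BENIGN_EMAIL = b"""Received: from smtp.example.org (smtp.example.org [198.51.100.5])
 by mx.example.com with ESMTP id def456
From: colleague@example.org
To: user@example.com
Subject: Lunch on Friday?
Content-Type: text/plain; charset="us-ascii"

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("lure", LURE_EMAIL), ("benign", BENIGN_EMAIL)):
        found = triage(raw)
        print(label, verdict(found), found)
```

The decision logic deliberately quarantines on a blocklisted relay alone, and on the combination of a lure theme with a risky attachment, while a lone link or a lone themed subject only earns a manual review; that keeps the false-positive cost of the IP and attachment controls separate from the weaker subject-line signal.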

Given the popularity and projected growth in email, it’s safe to assume that these attacks and similar ones will continue to appear. Fortunately, by learning from the past there are many steps we can take to strengthen our approach to security as attackers continue to turn to email to help accomplish their mission.