Story image

Suspicious minds

01 Oct 2010

Blended attacks use more than one avenue to break through the security gateways of ERP software systems to deliver malware viruses. Accounting for more than 176 billion messages per day, you can understand that this has become a serious and growing issue.

The latest type of blended threat to emerge is one that uses a powerful combination of email and web to deliver its payload and infect a user’s computer. The attacker sends an email message with an embedded URL link, the intrigued user then clicks on the URL link which either prompts an immediate malware download, or redirects the user to a web page, where they are invited to download and subsequently install a crucial ‘update’, which inevitably turns out to be malware.

These blended email attacks are one of the most successful attack methods on the internet today. They are successful because the email message is simple, well engineered and difficult to detect as spam. It also does not have an attachment, so there is nothing for the email gateway to scan. They infect using the web channel which, typically, has next-to-no malware scanning capabilities. In fact, the web channel is now by far the most popular route of malware infection in the enterprise environment, simply because the majority of organisations deploy insufficient protection on their web gateways.

Any protection they have is usually based around URL filtering lists, which used to be effective and sufficient, however, as the internet and internet threats change, so must the security controls used to protect the business network and its multiple users.

As the initial instigator of attacks, email should certainly be the first port of call for preventing them. Too many email security vendors rely on web products to address threats, or they assume that standard spam filters are sufficient barriers to these malicious emails. Spam filters will catch some blended threat emails, but as baiting emails improve in format and design, adopting legitimate email addresses and domains to fool security gateway control, we are seeing much higher numbers of malicious messages slip through into users’ inboxes.

On the web side, vendors have been using URL filtering lists to block access to malicious websites created by hackers. Unfortunately, to counter this, the hackers have changed tactics and are now infecting legitimate websites. As a result, by using URL filtering lists to block access to suspicious websites, organisations are in danger of hampering productivity should their employees require access to these sites in their daily work. It is important to note that URL filtering lists don’t actually offer the most effective means of protection to end users anymore. In today’s environment, hackers are continuously evolving their attack methods and organisations must remain vigilant to new and ever-more prolific threats.

Behavioural analysis is one innovation that is positioning organisations one step ahead of cybercriminals in terms of blended threat defence. Operating at the email gateway, to stop baiting emails even reaching end users, it works by running the suspect code or URL link within the email in a virtual computer, tracking it to see what it does and whether it makes operational modifications. This determines if this code or link is malicious or not.

Through behavioural analysis, not only are you able to accurately detect all malware, no matter whether or not you have seen it before, but this technology can also be deployed in an email security gateway, whereby the gateway strips out any suspicious URL links from email and analyses the content. Appropriate actions can then be taken depending on the result.

In order to combat email and web malware, innovation such as this must continue. Spam hasn’t gone away nor has it died down. Hackers are making too much money with email and webbased threats to stop their malware march into the enterprise.

50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
IDC: A/NZ second highest APAC IoT spenders per capita
New IDC forecast expects the Internet of Things spending in Asia/Pacific excluding Japan to reach US$381.8 Billion by 2022.
Xero launches new data capture product in NZ
“Data automation is the fastest growing app category on the Xero app marketplace so we know there is a hunger for these types of tools."
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
Four ways the technology landscape will change in 2019
Until now, organisations have only spoken about innovative technologies somewhat theoretically. This has left people without a solid understanding of how they will ultimately manifest in our work and personal lives.
IDC: Top 10 trends for NZ’s digital transformation
The CDO title is declining, 40% of us will be working with bots, the Net Promoter Score will be key to success, and more.
Kiwi partner named in HubSpot’s global top five
Hype & Dexter is an Auckland-based agency that specialises in providing organisations with marketing automation solutions.