Suspicious minds

01 Oct 10

Blended attacks use more than one avenue to break through the security gateways of ERP software systems to deliver malware. Accounting for more than 176 billion messages per day, you can understand that this has become a serious and growing issue.

The latest type of blended threat to emerge is one that uses a powerful combination of email and web to deliver its payload and infect a user’s computer. The attacker sends an email message with an embedded URL link. The intrigued user then clicks on the link, which either prompts an immediate malware download or redirects the user to a web page, where they are invited to download and subsequently install a crucial ‘update’, which inevitably turns out to be malware.

These blended email attacks are one of the most successful attack methods on the internet today. They are successful because the email message is simple, well engineered and difficult to detect as spam. It also does not have an attachment, so there is nothing for the email gateway to scan. They infect using the web channel which, typically, has next-to-no malware scanning capabilities. In fact, the web channel is now by far the most popular route of malware infection in the enterprise environment, simply because the majority of organisations deploy insufficient protection on their web gateways.

Any protection they have is usually based around URL filtering lists, which used to be effective and sufficient. However, as the internet and internet threats change, so must the security controls used to protect the business network and its multiple users.

As the initial instigator of attacks, email should certainly be the first port of call for preventing them. Too many email security vendors rely on web products to address threats, or they assume that standard spam filters are sufficient barriers to these malicious emails. Spam filters will catch some blended threat emails, but as baiting emails improve in format and design, adopting legitimate email addresses and domains to fool security gateway control, we are seeing much higher numbers of malicious messages slip through into users’ inboxes.

On the web side, vendors have been using URL filtering lists to block access to malicious websites created by hackers. Unfortunately, to counter this, the hackers have changed tactics and are now infecting legitimate websites. As a result, by using URL filtering lists to block access to suspicious websites, organisations are in danger of hampering productivity should their employees require access to these sites in their daily work. It is important to note that URL filtering lists don’t actually offer the most effective means of protection to end users anymore. In today’s environment, hackers are continuously evolving their attack methods and organisations must remain vigilant to new and ever-more prolific threats.

Behavioural analysis is one innovation that is positioning organisations one step ahead of cybercriminals in terms of blended threat defence. Operating at the email gateway, to stop baiting emails even reaching end users, it works by running the suspect code or URL link within the email in a virtual computer, tracking it to see what it does and whether it makes operational modifications. This determines if this code or link is malicious or not.

Through behavioural analysis, not only are you able to accurately detect all malware, no matter whether or not you have seen it before, but this technology can also be deployed in an email security gateway, whereby the gateway strips out any suspicious URL links from email and analyses the content. Appropriate actions can then be taken depending on the result.
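The gateway step described above, sketched as an added example that is not code from the article or from any vendor product: it pulls URLs out of an attachment-free message and removes every link that has no clean verdict. The function names, the `verdicts` mapping (standing in for the behavioural analysis result) and the `example` domains are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
PLACEHOLDER = "[link removed pending analysis]"

def text_parts(msg):
    """Leaf text/* parts: the plain and HTML bodies, MIME-decoded on read."""
    return [p for p in msg.walk() if p.get_content_maintype() == "text"]

def extract_urls(msg):
    """Unique URLs across all text parts, in order of first appearance."""
    found = []
    for part in text_parts(msg):
        found += URL_RE.findall(part.get_content())
    return list(dict.fromkeys(found))

def strip_links(msg, verdicts):
    """Replace every URL lacking a 'clean' verdict; return the URLs removed.

    A URL with no verdict yet is removed too (fail closed).
    """
    removed = []
    def swap(match):
        url = match.group(0)
        if verdicts.get(url) == "clean":
            return url
        removed.append(url)
        return PLACEHOLDER
    for part in text_parts(msg):
        cleaned = URL_RE.sub(swap, part.get_content())
        part.set_content(cleaned, subtype=part.get_content_subtype())
    return list(dict.fromkeys(removed))

def build_sample():
    """Constructed message: no attachment, one lure link, one benign link."""
    msg = EmailMessage()
    msg["Subject"] = "Action required: security update"
    msg.set_content("Install the update: http://update.example.net/fix\n"
                    "Policy: https://intranet.example.com/policy\n")
    msg.add_alternative('<p>Install the <a href="http://update.example.net/fix">'
                        "crucial update</a>.</p>", subtype="html")
    return msg

if __name__ == "__main__":
    message = build_sample()
    print(extract_urls(message))
    print(strip_links(message, {"https://intranet.example.com/policy": "clean"}))
```

Because a URL with no verdict is treated the same as a malicious one, a link the gateway has never seen before stays out of the inbox until the analysis has returned.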

In order to combat email and web malware, innovation such as this must continue. Spam hasn’t gone away, nor has it died down. Hackers are making too much money with email and web-based threats to stop their malware march into the enterprise.