Email has once again become the channel of choice for cyber attacks. Symantec reports that in 2016 one in 131 emails was found to contain malicious content*. For the cybercriminal, it’s a method that has been proven to work, and it relies not on exploiting a technology weakness but on conning recipients into revealing personal details or accessing malicious links.
However, today fewer emails are sent and received generally, the number declining since 2012 – and the cybercriminal has been changing strategy as a result.
Previously they took a ‘spray and pray’ approach. But, particularly within a smaller pool, the greater the number of emails sent, the higher the risk of detection, so today it’s ‘low and slow’ for the cybercriminal, with fewer, ‘targeted’ emails sent to a refined, filtered list following up-front research into potential recipients.
And although the number of emails sent and received across the world is reducing year on year, the number of malicious campaigns is increasing, and the growth of malicious targeted attacks is now one of the most alarming trends in today’s business world.
With targeted threats more difficult to check via traditional signature-based antivirus strategies, technology has been developing to create a new approach to detection.
With Symantec Advanced Threat Protection (ATP): Email, whether links are embedded within the body of an email or in an attachment, multi-layered technologies and intelligence create the most effective protection against spear-phishing, targeted attacks, and other advanced threats.
- Real-Time Link Following evaluates links in real-time before email delivery, blocking links that are malicious.
- Click-Time URL Protection provides continued protection after email delivery, with links rewritten to point to Symantec servers, enabling evaluation when the link is ‘clicked’. Symantec ATP: Email is also set up to detect malicious links that use a time-based delay (whereby the link points to a legitimate site before changing to point to a malicious destination), multiple redirects, shortened URLs, and hijacked URLs, where attackers create a fake version of a genuine ad.
- Cynic cloud-based sandboxing and payload detonation provide further protection. Suspicious emails and attachments are securely evaluated within Symantec’s cloud infrastructure and are not delivered if found to be dangerous.
- Comprehensive reporting provides detailed feedback when a malicious campaign has been identified, whether it targets the business as a whole or an individual within the business, and categorises it according to type. Details covering the site to which the link was redirecting and the unique identifier of the file are also listed.
Michael Frisby, Vuzion MD: “Today’s evolving IT security threats require companies to adopt a more layered approach to protecting their IT and business assets from attack.
“Symantec’s ATP solution leverages their massive cloud scale and machine-learning algorithms, with more than 2 billion messages scanned every day, providing the largest base of data from which to spot unknown threats before they can reach our mailboxes.”
Hackim Farrell, Sr Manager of Product Management, Symantec: “The average cost of a successful spear-phishing attack is $1.8M**. Symantec Email Security cloud with ATP: Email from Vuzion provides the most comprehensive form of URL Protection. Its Real-Time Link Following provides inline link analysis and heuristics scanning, whilst its Click-Time Protection protects users against latently weaponized URLs.”
*2017 Internet Security Threat Report (ISTR)
**Vanson Bourne, January 2016