According to Verizon, 90% of all threats start with an email. For many years email has been the attack vector of choice for criminals, since it is the easiest and quickest way to attack hundreds of thousands of people at the same time. Another reason email is so easy to attack is that there are fewer hoops to jump through than when attempting to attack the business network with firewall protections in place.
The email threat life cycle can be broken down into 4 steps:
Probe
The first step in a successful email attack is the probe. The attacker will blast out an email to thousands of email addresses hoping to get a hit from someone. Threats can also come as a result of social engineering. Malicious individuals will use social media and other means simply to discover whether the email address or user is valid and active. This initial phase of the attack can be difficult to detect, since often there is no payload or attack in place; the attacker is simply gathering information.
Defraud
The next step in the process is when the attacker attempts to impersonate a well-known contact to gain access to a system or person. In this phase the attacker could implement attacks that might re-route messages intended for a trusted person or otherwise intercept communication. Additionally, these kinds of attacks are usually able to bypass protection provided by a gateway like Microsoft 365’s Online Protection.
Exploit
With all of the research in place and the system compromised, the attacker is ready to exploit the weaknesses they have already discovered. During this phase, the attacker will pounce and release their attack. The attack could be in the form of malware deployed to the network or using the data discovered through social engineering to attack individuals. In either case, the attacker will use what they have learned in the previous two phases to deploy their attack.
Extract
This phase is actually the most dangerous of the 4. Many will incorrectly think that the main damage is caused by the exploit. However, the extraction of data can cause more damage in the long run. A virus can be easily removed. Ransomware can be fought by restoring a backup or wiping the computer. Sensitive data, once removed from the business, can never be deleted from the attacker's possession. If your customers’ information is available for sale on the dark web because of a breach at your company, the lasting damage of that is almost immeasurable. It is also extremely difficult to discover what data has actually been taken.
Extraction doesn’t just apply to data, though. Another example of this phase is when an attacker convinces an employee to purchase gift cards or otherwise send money to the attacker; in that case they are extracting money. Much like data, once money has been sent, it can never be returned.
What Can My Business Do To Stop Email Threats?
Most attacks are well coordinated, and sometimes these steps can happen very quickly. briteCITY has partnered with AppRiver to help combat these email security holes for our clients. When our customers elect to use AppRiver’s Secure Cloud, they are able to detect these steps in real time through several features.
Catch Attacks With No Payload
AppRiver uses industry-leading technology and machine learning to detect and prevent social engineering attempts and never-before-seen attacks. That includes anti-spam, anti-malware and targeted phishing protection.
Delete Automatically
Quarantine suspicious emails in a simple web interface that users can access and that educates them on how to prevent an attack. AppRiver’s live threat analysts provide checks and balances and use machine learning to stay ahead of attackers.
Guard Against Zero-Day Threats
AppRiver’s email and threat protection can monitor traffic within your environment to flag suspicious activity. With AppRiver’s adaptive defense, no expertise is needed for constant monitoring. When emails are sent between two AppRiver users, or between two organizations using AppRiver, they travel on AppRiver’s secure network.
Secure the Entire Inbox
Only AppRiver has the experience and relationship with Microsoft to provide integrated email hosting and threat protection to fully secure the inbox. AppRiver’s 17+ years of experience managing Exchange helps it detect suspicious, incremental changes in settings or a gradual escalation of privileges. AppRiver’s Microsoft 365 Threat Audit discovers otherwise unknowable vulnerabilities in your environment.
Protect End-to-End
AppRiver’s industry-leading Secure Cloud encrypts internal and external emails and functions as the world’s largest email community. Emails sent between organizations that use AppRiver are sent on a secure network.
Gain Visibility
AppRiver Secure Cloud provides threat mitigation, analytics, and insight, as well as virtually real-time updates when zero-day attacks are found.
If you are interested in learning more about how briteCITY and AppRiver can help protect your business through Secure Cloud, give us a call at 949-243-7440.