Scammers are sending 18 million hoax emails about Covid-19 every day targeting business and organizations, according to Google "The pandemic has led to an explosion of phishing attacks in which criminals try to trick users into revealing personal data".The company said it was blocking more than 100 million phishing emails a day. Over the past week, almost a fifth were scam emails related to coronavirus.
Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic.Scammers have been sending fake emails and text messages claiming to be from the UK government, the WHO, the Centre for Disease Control and Prevention and even individual US officials, including President Trump which has compromised many business organization.
Below is sample demo of how spam emails effects organization
Analysis of Email Security recent Threats and Cyber Crimes
1- Spoofing and Phishing
In an email spoofing case, a cybercriminal sends a user an email pretending to be someone the user knows. Email spoofing is easy to do, and very difficult to trace to its real sender.
Phishing is also a dangerous method used by cyber criminals to fool users get sensitive information such as bank accounts or social security numbers. Sometimes cyber criminals include graphics and logos be to seen more legal and real. They even give a link that seems to be real. Yet, it takes users to a malicious web site. Because spoofing and phishing are one of the common ways cyber criminals use to attack, users must know the anti-phishing solution against this kind of threats.
2- Email Security Gaps
It is necessary to discover weaknesses caused by provider’s misconfigurations in email services. The vulnerabilities discovered in email services have consequences of infiltrating the target system, revealing information and making systems inaccessible when attackers abuse these vulnerabilities.
3- Domain Squatting
Domain Squatting is registering, selling or using a domain name with the intent of profiting from someone else’s trademark. Therefore, either companies or their customers can be victims of domain Squatting and target-oriented spear phishing attacks.
4- Client-Side Attacks
The attack vectors for internet users are increasing day by day. A link containing malicious content can be enough to capture a computer alone. The e-mail service components’ security must be strengthened, and necessary anti-phishing solution such as employee training or email threat simulating etc. must be conducted against threats.
5- Malicious Files
When malicious content in the email attachment reaches to the user, it may take the whole computer system and network. For successful anti-phishing solution, these files must be analysed with signature-based antivirus software and behavior analysis services.
6- Ransomware
Once anyone gets infected, a ransom must be paid for all data encrypted. In this sense, it is necessary to tighten the e-mail service and wait for the analysis services to detect and prevent specific behaviours for ransomware.
7- MisConfiguration
This is a very common security problem. A poorly configured configuration in the email service can cause a serious crisis that allows sending email without authentication.
For example, a cyber-criminal who connects to your e-mail service without authentication, can send a random e-mail to your employees. A cyber-criminal who imitates the CEO may be more likely to succeed.
8- Browser Exploit Kit
E-mails that contain known vulnerabilities of Internet browsers cause identity theft, data leakage and access problems. Sometimes a link may contain an abused piece of code. In this case, the e-mail service and the security components must provide defensive measures.
9- Spear-Phishing and Business Email Compromise (BEC) Attacks
Another crucial point is that a cyber criminal who bypass all security precautions uses the unawareness of the end user to attack system. Since 97 % of people around the world cannot identify a sophisticated phishing email. Users should be trained regularly to be aware of the threats via phishing tests, exams, questionnaires and game.
10- File Format Exploits
Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic.Scammers have been sending fake emails and text messages claiming to be from the UK government, the WHO, the Centre for Disease Control and Prevention and even individual US officials, including President Trump which has compromised many business organization.
Below is sample demo of how spam emails effects organization
1- Spoofing and Phishing
In an email spoofing case, a cybercriminal sends a user an email pretending to be someone the user knows. Email spoofing is easy to do, and very difficult to trace to its real sender.
Phishing is also a dangerous method used by cyber criminals to fool users get sensitive information such as bank accounts or social security numbers. Sometimes cyber criminals include graphics and logos be to seen more legal and real. They even give a link that seems to be real. Yet, it takes users to a malicious web site. Because spoofing and phishing are one of the common ways cyber criminals use to attack, users must know the anti-phishing solution against this kind of threats.
2- Email Security Gaps
It is necessary to discover weaknesses caused by provider’s misconfigurations in email services. The vulnerabilities discovered in email services have consequences of infiltrating the target system, revealing information and making systems inaccessible when attackers abuse these vulnerabilities.
3- Domain Squatting
Domain Squatting is registering, selling or using a domain name with the intent of profiting from someone else’s trademark. Therefore, either companies or their customers can be victims of domain Squatting and target-oriented spear phishing attacks.
4- Client-Side Attacks
The attack vectors for internet users are increasing day by day. A link containing malicious content can be enough to capture a computer alone. The e-mail service components’ security must be strengthened, and necessary anti-phishing solution such as employee training or email threat simulating etc. must be conducted against threats.
5- Malicious Files
When malicious content in the email attachment reaches to the user, it may take the whole computer system and network. For successful anti-phishing solution, these files must be analysed with signature-based antivirus software and behavior analysis services.
6- Ransomware
Once anyone gets infected, a ransom must be paid for all data encrypted. In this sense, it is necessary to tighten the e-mail service and wait for the analysis services to detect and prevent specific behaviours for ransomware.
7- MisConfiguration
This is a very common security problem. A poorly configured configuration in the email service can cause a serious crisis that allows sending email without authentication.
For example, a cyber-criminal who connects to your e-mail service without authentication, can send a random e-mail to your employees. A cyber-criminal who imitates the CEO may be more likely to succeed.
8- Browser Exploit Kit
E-mails that contain known vulnerabilities of Internet browsers cause identity theft, data leakage and access problems. Sometimes a link may contain an abused piece of code. In this case, the e-mail service and the security components must provide defensive measures.
9- Spear-Phishing and Business Email Compromise (BEC) Attacks
Another crucial point is that a cyber criminal who bypass all security precautions uses the unawareness of the end user to attack system. Since 97 % of people around the world cannot identify a sophisticated phishing email. Users should be trained regularly to be aware of the threats via phishing tests, exams, questionnaires and game.
10- File Format Exploits
File format vulnerabilities are quickly taking center stage as one of the primary information security threats facing modern enterprises. Attackers exploiting these vulnerabilities create carefully crafted malicious files that trigger flaws (such as buffer overflows) in applications. These vulnerabilities are especially worrisome because they often cross platforms. For example, a file format vulnerability in Adobe Acrobat might allow an attacker to create a single malicious PDF file that compromises Windows, Macintosh and Linux systems.
source:
https://www.keepnetlabs.com/anti-phishing-solution-threat-simulation-2/
https://www.bbc.com/news/technology-52319093
https://mlaem.fs.ml.com/content/dam/ML/Articles/images/protecting-business-from-scam-emails/cyber-security-business-email-compromise-653x44.gif
source:
https://www.keepnetlabs.com/anti-phishing-solution-threat-simulation-2/
https://www.bbc.com/news/technology-52319093
https://mlaem.fs.ml.com/content/dam/ML/Articles/images/protecting-business-from-scam-emails/cyber-security-business-email-compromise-653x44.gif
Comments
Post a Comment