Eliminating Malware at its Delivery Mechanism

Posted by Geraldine Hunt on Fri, Nov 1st, 2019

Effective anti-malware stops malicious attacks before they infect a device. It’s not as easy as it seems as attackers change their delivery methods to avoid detection. Two decades ago, having antivirus on a device was enough to stop a majority of attacks, but now attackers use file-less deliveries, in-memory malware, phishing, ransomware, and numerous other methods to steal data and take over resources. It’s more important than ever for companies to focus on stopping attacks at the delivery mechanism, which can be done with the right cybersecurity defenses.

Phishing Attacks are Still Growing in Popularity

An organization can have a perfectly configured intrusion detection and prevention system in place, and attackers know that most cybersecurity infrastructure is well secured. Instead of finding a needle in the haystack security flaw, attackers go for a much more likely cybersecurity flaw – human error. According to Microsoft, phishing attacks grew by 250% in 2018.

Phishing is often the start of ransomware attacks, and these malware campaigns have also grown in popularity. According to a recent 2019 survey, the ransom fees from ransomware attacks also increased by 89%. Most ransomware uses AES-256, which is the current cryptographically secure symmetric encryption algorithm. It’s a symmetric algorithm, which means that the same key to encrypt data is used to decrypt it. It is not currently vulnerable to brute-force attacks, so organizations are forced to pay the ransom to get data back. It’s also necessary to pay the ransom if no backups are present or the organization has a poor backup and disaster recovery plan.

Combine phishing with ransomware campaigns, and attackers have a goldmine with endless potential as more corporations lack the right resources and user training to stop hackers.  Social engineering is also a concern as users with poor cybersecurity training will freely disclose their credentials, which then gives an attacker access to the local network.

Even with intrusion detection and monitoring systems, the organization is still at risk of human error. Monitoring systems are essential, but they notify system administrators after an attack is already successful. The level of mitigation and containment needed to control the attack depend on what vectors the attacker chooses to use. For instance, detecting a ransomware attack after it has already encrypted files only serves to let administrators know that they have malware on the network and need to invoke disaster recovery methods. In many cases, organizations are forced to pay the ransom to get back to previous productivity levels without losing any data.

DMARC Email Filters that Stop Phishing Before Delivery

The only way to stop phishing emails at the delivery mechanism is to stop messages from reaching the targeted user’s inbox. Messages can be quarantined and protected from accessing the network while an administrator reviews the email’s content including potentially malicious file attachments. If the administrator determines that the message quarantine is a false positive, the message can be sent to the targeted user’s inbox and email filter settings changed to avoid future false positives.

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a cybersecurity protocol for email messages. It combines signing messages and DNS-based settings to stop spoofed messages so that attackers cannot trick users into disclosing information from fraudulent phishing emails. DNS settings tell email servers which IP addresses can send messages on behalf of the organization, and signing requests ensures no one tampered with the content.

The right email filters can be adjusted should administrators find that email messages are not being delivered or some malicious content is getting through defenses. It might take time to adjust and configure email filters, but artificial intelligence helps with the process and can take much of the overhead out of the hands of administrators as the system “learns” to identify new phishing campaigns that have not been seen in the wild.

Stops Attacks at the Delivery Method

Using DMARC and email filters, the organization stops attacks at the delivery method rather than rely on users and their training to identify an ongoing campaign. This cybersecurity defense takes responsibility away from users and creates an intelligent system that stops malicious email delivery. By using this system, human error that can be damaging to the integrity of the network is removed.

Eliminating malware at its delivery mechanism doesn’t take a complex system. These email filters can even run in the cloud and connect seamlessly with current systems. Using these filters, email administrators can greatly reduce the number of successful phishing and ransomware attacks on the network and users can be better protected.

DMARC seems complex, but with the right setup, it’s a valuable cybersecurity tool that defends against phishing and malicious email content. With phishing on the rise as one of the most common ways attackers can steal data, it’s important for organizations to implement the right application and rules that stop these messages before they can reach a user’s inbox.

While SPF provides a certain degree of protection against email spoofing, DMARC is far more dependable. SpamTitan email security now incorporates DMARC authentication to provide even greater protection against email spoofing attacks. Both of these new features have been added in the latest update to SpamTitan and are available to users at no extra cost.