Sending and receiving emails with external users is as common as internal communication. It is through these external contacts that your business becomes a target for malware and phishing. Without the right email filtering solution, a business is at risk of being crippled by ransomware or suffering a data breach, ruining its brand and reputation.
How Does Ransomware (and Other Malware) Leverage Email?
Phishing is generally used to trick users into divulging information, while malicious emails are also used to trick users into running malware on their devices. Malware isn’t limited to just the local device.
It can also spread to other devices, servers, and network appliances. Ransomware is written to scan network resources and encrypt files. The main vector used to start the attack is email.
Researchers estimate that each employee receives five to eight malicious messages a day. For example, if you have 10 employees, your business can expect at least 50 malicious emails a day. These messages bombard your employees with spam and take up unnecessary storage on the email server and the user’s device.
The email message alone isn’t enough to get ransomware and other malware on a user’s device. The attacker needs to deliver the payload, which is usually done with a file attachment. The attachment could look like a benign document with a malicious macro or an executable with a friendly-looking name. With either method, the attacker needs the user to open the attachment so that malware can execute on the local device.
Most malware is spread using attachments, but other attack strategies involve sending users to a malicious website. The attacker must convince the user to download a binary and execute it on their device. Eventually, these sites are taken down by the host provider, so this strategy is less popular than email vectors.
What Can Happen When Malware Runs on a Device?
After a user runs malware on the system, several things can happen. If it’s ransomware, the malware scans the local device and the network for important files. Every important file found is encrypted using a cryptographically secure cipher.
A cryptographically secure cipher cannot feasibly be brute forced. It could become vulnerable in the future, but AES-256 is currently the cryptographically secure cipher used to encrypt files.
The only way to decrypt files is to pay the ransom or recover using backups. Even if you can recover from backups, the business could be down for several days until all data can be fully recovered. This downtime translates to thousands of dollars in lost revenue.
Ransomware isn’t the only malware that can affect a corporate network. Malware can perform numerous other malicious actions. A rootkit could take over a server’s operating system activity and eavesdrop on data. A keylogger can log keystrokes and send information such as passwords and usernames to an attacker.
At worst, ransomware and other malware can create downtime for days. It can also lead to a data breach or a compromise. The payload from malware depends on the goals of the attacker.
Most attacks are money-driven, so it’s common for malware to steal or corrupt data in some way. This forces the business into losing money or paying the attacker to regain access to files. In some cases, the attacker might use blackmail or extortion to get money from the targeted victim.
Using Email Filtering Solutions to Protect Businesses
Leaving email unfiltered is dangerous for many reasons, but the most important is the aftermath of a data breach. After a data breach, the organization must analyze the vulnerability that allowed the attacker to access data. It must then inform customers, deal with investigations and litigation, and possibly pay fines for any compliance violations. The entire process requires time and money that could have gone into more productive everyday business.
Adding filtering to the email server is the single most effective way to stop malware from being transferred using email. An email filtering solution detects malicious messages and attachments and quarantines them until an administrator can review them. The right solution uses machine learning and artificial intelligence to “learn” as more emails targeting the business are caught and evaluated by the system.
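One way a filter can screen the attachment types described above (macro-carrying documents and executables with friendly-looking names), as an added Python example that is not SpamTitan's code. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions a filter would treat as executable.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".js", ".vbs"}

def inspect_attachment(filename: str, data: bytes) -> list:
    """Return the reasons (possibly none) an attachment should be quarantined."""
    reasons = []
    name = filename.lower()
    if any(name.endswith(ext) for ext in EXECUTABLE_EXT):
        reasons.append("executable extension")
    elif data[:2] == b"MZ":  # Windows executable header, whatever the name says
        reasons.append("executable content behind a non-executable name")
    if data[:4] == b"PK\x03\x04":  # modern Office documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                if any(n.lower().endswith("vbaproject.bin") for n in archive.namelist()):
                    reasons.append("Office document contains a VBA macro project")
        except zipfile.BadZipFile:
            reasons.append("malformed archive")
    return reasons

def filter_message(raw: bytes) -> tuple:
    """Return ('quarantine' or 'deliver', {filename: reasons}) for a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        reasons = inspect_attachment(filename, part.get_payload(decode=True) or b"")
        if reasons:
            findings[filename] = reasons
    return ("quarantine" if findings else "deliver", findings)

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message; the addresses use reserved example domains."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    # Harmless constructed bytes that only carry the executable header marker.
    print(filter_message(build_sample("report.pdf", b"MZ" + b"\x00" * 16)))
    print(filter_message(build_sample("notes.txt", b"hello")))
```

Messages that come back as "quarantine" would be held for the administrator review described above rather than deleted outright.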
Email cybersecurity also involves Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), which also stop spoofed messages.
SpamTitan checks every URL in an email against known blacklists - with 100% active web coverage.
How Do SPF and DKIM Protect Business Emails?
SPF and DKIM are a part of Domain-based Message Authentication, Reporting and Conformance (DMARC). This is an email security system that combines DNS entries using SPF and cryptographic signatures using DKIM to ensure that the message sender is legitimate.
An SPF record on nameservers defines the IP addresses that can send email on behalf of the domain, while DKIM creates a digital signature and adds it to messages to ensure the content has not been tampered with.
DMARC works well against spoofed email messages and content that has been tampered with. However, it’s not uncommon for hackers to gain access to email accounts and send messages using legitimate sender accounts.
They can then send messages with attachments and trick users into opening them. This works because the message comes from a trusted sender. An email filtering solution solves this problem by catching the malicious message and quarantining it.
Quarantining messages puts them in a safe place until an administrator can review their content. The administrator can then pass the message on to the intended recipient if it’s a false positive, or delete the message. If several messages are quarantined, it could also indicate that the organization is the target of a phishing or malware campaign.
With DMARC and email filtering, an organization can greatly reduce the risk of being the next victim of an email-based cyber-attack.
An email filtering solution will stop many of the attacks, but a wise organization will still need to perform monitoring and detection of ransomware and other malware.
Susan Morrow