Cyber security is an endless technological race with attack and defence continually trying to out-innovate each other. It is, therefore, an anomaly that one of the most prevalent attack vectors is something that was developed in 1971; and has changed very little since.
When Ray Tomlinson sent the first email from MIT using the creatively named SNDMSG programme, he introduced the world to a format that would become both a huge innovation in the way people communicate and the bane of cyber security team’s lives.
Fast forward 50 years, and email is now a heavily abused attack vector. It has changed over time, once a playground for 419 scammers, pharmaceutical spammers, and other random chancers, attacks have now become far more selective.
Driven out of the volume game by the advancement of email filtering technology, attackers have had to get creative switching their focus onto far more targeted, low and slow attacks.
To achieve this, the name of the game has become hijacking email inboxes to either gather information or impersonate the official user, ultimately with the aim of stealing money and IP. This is otherwise known as Business Email Compromise (BEC).
Hiding silently inside a high-value target’s inbox awaiting a glimpse of the motherlode can generate huge returns for attackers from relatively few steps. This rare glimpse of such a case, for example, showed how it is possible to steal hundreds of thousands of dollars with just a few well-crafted emails.
BEC has been enabled, in no small part, by the shift of email into the cloud and accelerated by the global pandemic. With more accounts accessible through web-facing applications such as Outlook Web App, the exposure becomes greater.
Traditionally, the target for Business Email Compromise attacks was the C-Suite. Attackers assumed that going to the top of the tree meant the best visibility of sensitive data held in an organisation. This has been changing, however, with finance teams increasingly coming into the crosshairs.
How can I protect my organisation and stop email hijacking attacks?
Given the problem of Business Email Compromise is part human and part technology, the solution should be too.
User awareness training can help address the human aspect. Teaching people to question, rather than just accept, every email, is a difficult task but something which can be achieved through repetition and continual reinforcement. Arming the employee-base with a clear understanding of the phishing techniques they may face is also an important part of this.
To bolster this, a forward-looking email security solution can prevent many of the unwanted outcomes of BEC.
Such countermeasures come brimming with intelligent capabilities to spot and halt the problem, technologies and specialist layers of analysis which are not typically built into standard cloud email platforms such as Microsoft Office 365.
These include the ability to look at the content of emails and combined with other attributes – such as executive real names in various header and envelope fields and the use of nearby (or cousin) domains – the context of the message and the associated potentially malicious intent. Safeguarding high value inboxes is also possible with policies to prevent auto-forwarding of messages or alerting on the creation of Inbox rules.
It is also important to ensure email solutions are built to be deployed alongside cloud-native email solutions, such as Microsoft Office 365.
In order to mitigate against the common attack vectors which are used to gain a toehold on an inbox in the first place, companies should also look to deploy an email solution with comprehensive anti-malware capabilities, including sandboxing to capture highly evasive and/or zero day code, as well as MFA to protect user accounts with more than just a password.
Hijacked inboxes are a destructive and contemporary cyber security problem. The amount of information, both within messages themselves and in attachments, which can be stolen by an attacker can be truly destructive.
With a layered cloud security approach, which takes into account technological and human assets, organisations can ensure an interlocking defensive framework to make it tough for attackers to gain a foothold.
