Validating To: and From: Addresses

We are making two changes to the way the email system processes mail, in an attempt to cut down on spam. We are adding validations to ensure that the domains in the SMTP envelope (the MAIL FROM sender and the RCPT TO recipient) are valid and resolve in DNS.

These changes affect inbound and outbound customers differently, but the core change is the same: if the domain of the sender or the recipient of a message does not resolve in DNS, we will defer accepting the message (a temporary 4xx failure that the sending server will retry) rather than reject it outright.

Outbound SMTP: https://support.duocircle.com/solution/articles/5000788780-check-to-see-if-a-recipient-domain-exists
Inbound Gateway: https://support.duocircle.com/solution/articles/5000788778-check-if-the-sender-domain-exists

You will be able to whitelist inbound domains that should be exempt from the check.
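As an added example (not DuoCircle's code, and not a description of how their gateway is implemented), here is the check written out in Python. It encodes the policy stated above: envelope domains that do not resolve are deferred with a 4xx reply rather than rejected, and allowlisted inbound domains skip the check. It also handles two cases an envelope check must not break, the null sender `<>` used by bounces and address literals such as `user@[192.0.2.1]`. The in-memory DNS table, the hostnames in it and the exact reply texts are this example's own choices; the lookup function is pluggable so a real resolver can be substituted.

```python
"""Envelope-domain validation for an SMTP gateway.

Added example, not DuoCircle's code. Policy as described above: if the domain
in MAIL FROM or RCPT TO does not resolve, defer (4xx) rather than reject (5xx),
so a transient DNS problem never bounces legitimate mail. Allowlisted inbound
domains bypass the check. The resolver is pluggable; the default is a
constructed in-memory table so this runs offline.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

# A lookup returns "ok" (record exists), "nxdomain" (no such record) or
# "tempfail" (SERVFAIL/timeout). Signature: (name, rrtype) -> status.
LookupFn = Callable[[str, str], str]

# Constructed sample zone data; these are hypothetical names, not real DNS.
_FAKE_DNS: Dict[Tuple[str, str], str] = {
    ("example.com", "MX"): "ok",
    ("mail-only.example", "A"): "ok",        # no MX, only an A record
    ("flaky.example", "MX"): "tempfail",
    ("flaky.example", "A"): "tempfail",
    ("flaky.example", "AAAA"): "tempfail",
}


def fake_lookup(name: str, rrtype: str) -> str:
    """Offline stand-in for a DNS resolver; anything not in the table is NXDOMAIN."""
    return _FAKE_DNS.get((name.lower().rstrip("."), rrtype), "nxdomain")


def domain_of(address: str) -> Optional[str]:
    """Domain part of an envelope address, or None when no DNS check applies.

    None covers the null sender <> used by bounces (RFC 5321 requires it to be
    accepted) and address literals such as user@[192.0.2.1].
    """
    addr = address.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or domain.startswith("["):
        return None
    return domain.lower().rstrip(".")


def domain_resolves(domain: str, lookup: LookupFn = fake_lookup) -> str:
    """RFC 5321 section 5.1: use MX records; fall back to A/AAAA only if no MX exists."""
    status = lookup(domain, "MX")
    if status != "nxdomain":
        return status                      # "ok" or "tempfail" decides it
    for rrtype in ("A", "AAAA"):
        status = lookup(domain, rrtype)
        if status != "nxdomain":
            return status
    return "nxdomain"


@dataclass
class EnvelopePolicy:
    """Decides the SMTP reply for MAIL FROM / RCPT TO based on domain resolution."""
    allowlist: Set[str] = field(default_factory=set)  # inbound domains exempt from the check
    lookup: LookupFn = fake_lookup

    def check(self, address: str, role: str) -> Tuple[int, str]:
        """role is "sender" or "recipient". Returns (reply code, reply text)."""
        domain = domain_of(address)
        if domain is None or domain in self.allowlist:
            return 250, "OK"
        status = domain_resolves(domain, self.lookup)
        if status == "ok":
            return 250, "OK"
        if status == "tempfail":
            return 451, f"4.4.3 Temporary DNS failure for {role} domain {domain}, try again later"
        # Not found: defer instead of rejecting, as the notice above describes.
        enhanced = "4.1.8" if role == "sender" else "4.1.2"
        return 450, f"{enhanced} {role.capitalize()} domain {domain} does not resolve, try again later"


if __name__ == "__main__":
    policy = EnvelopePolicy(allowlist={"partner.example"})
    for addr, role in [("alice@example.com", "sender"), ("<>", "sender"),
                       ("bob@mail-only.example", "recipient"),
                       ("eve@nope.invalid", "recipient"), ("x@flaky.example", "sender"),
                       ("y@partner.example", "recipient")]:
        print(f"{role:9} {addr:28} -> {policy.check(addr, role)}")
```

The distinction between "tempfail" and "nxdomain" matters in practice: a resolver timeout must never be treated as proof that a domain does not exist, and under the deferral policy both outcomes produce a 4xx so the remote MTA retries instead of generating a bounce.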

The Top Three Email Based Threats And How To Avoid Them

Email threats come in a variety of forms. With over 90% of security threats beginning with some form of email attack, it is imperative that organizations educate their users on these forms of attack and take steps to harden their networks against them. Three of the most commonly seen broad categories of email threat are Phishing, Ransomware, and Domain Name Spoofing.

Phishing

Phishing is psychological manipulation of users with the intent that they divulge sensitive information, which the attacker can use directly or sell to others for malicious purposes. Such information might include login credentials, financial account access, or balance sheet information. An email phishing attack typically arrives from an authentic-looking sender address and carries socially engineered body text. Believing the email comes from a trusted sender, the recipient opens and reads it, and is enticed to click malicious links or open infected attachments.

More specialized forms of phishing also exist, among them spear phishing and whaling. In a spear phishing attack, the email purports to come from a trusted source, often within the employee’s own company. The term means that the attack is highly targeted, as opposed to an internet-wide phishing scam. Since confidential data is routinely shared between employees inside a company firewall, this form of attack is especially insidious to corporations: users can be (and routinely are) tricked into sharing “inside” information.

Whaling is a form of phishing attack that tricks the recipient of an email into thinking that it comes from a high-level executive. Since legitimate email from corporate officers is treated with urgency, the user may overlook the risk in order to respond to what they perceive as something requiring immediate action. This may include the creation of a purchase order, or the approval of an urgent check that needs to be written.

Despite education conducted over the past few years and other efforts designed to make employees aware of the risks associated with fraudulent email, phishing attacks continue to be incredibly successful.

Over 90% of attacks begin with a phishing email, and the cost associated with a phishing attack is represented not only in terms of the money lost, but in lost productivity and potentially the loss of corporate reputation and customer confidence.

Ransomware

A typical ransomware attack gains access to corporate data or systems, blocks authorized access to them, and holds them hostage until the organization pays a ransom of some form. This is a highly disruptive form of attack on a corporation: the trend is growing and the threats are becoming more sophisticated. Social engineering is used twice in a ransomware attack: once in the body of an email, to get the user to open a malicious attachment, and a second time in the ransom note, to create dread of what will happen if the ransom is not paid.

The number of ransomware attacks is increasing worldwide, which forces corporate IT teams to come up with innovative solutions to combat the threat. But email-borne threats like ransomware are costly and difficult to fight with on-site solutions alone: by the time an on-site solution detects the ransomware, it is already inside the network and wreaking havoc.

Once ransomware gains access to a company’s systems, it’s too late. In the best cases, only a few isolated computers are held hostage. But if shared network drives are present, the ransomware can propagate across entire corporate networks, quickly bringing the organization to its knees.

Domain Name Spoofing

Sometimes a technique that involves little effort results in the most damage. In a spoofing attack, the attacker deliberately forges the domain name or email address in the From: or Reply-To: header of an email. This is very commonly seen in spam, but is also a powerful technique in phishing emails: when users see a “trusted” sender, they are more likely to click a malicious link.

Another form of spoofing is altering the domain name in an embedded URL, for example swapping “paypal” (ending in a lowercase L) for “paypaI” (ending in an uppercase I), two strings that are indistinguishable in many fonts.

Such look-alike domains are very difficult to detect by eye, but detection software can readily find such bogus links and warn the user before they navigate to the site.

One serious result of URL or domain-name spoofing is identity theft. In this scenario, a user inadvertently clicks a link that takes them to a site that appears identical to the one they expected, typically a login page, where they enter their credentials. The attacker then uses those credentials to access the user’s account on the real site. If the site is an online banking portal, huge amounts of damage can be done before the user is even aware of the attack.

DuoCircle’s Advanced Threat Defense Protects Against Email Attack

DuoCircle’s Advanced Threat Defense is a multi-layered approach to email threat protection that pulls all the features you need together in a single integrated solution to fight malware, ransomware, and phishing attacks. With Advanced Threat Defense, DuoCircle protects your employees (and your entire enterprise) from the threat of phishing, ransomware, domain name spoofing, and other forms of email threat. Our sophisticated classification engine detects and defends your entire organization against these threats in real-time, and with the highest possible level of accuracy.

Advanced Threat Defense from DuoCircle provides:

  • Protection from malware and zero-day attacks, with 100% availability.
  • Spam protection that eliminates 99% of all incoming spam with a false positive rate of less than one in ten thousand.
  • Unlimited users and unlimited inbound message volume
  • Protection against domain name spoofing
  • Blocking of malicious attachments.
  • Real-time activity logs, with access to the email queue and click reporting
  • Smart Adaptive Quarantine, which puts the burden of sorting spam messages on the sender rather than the recipient.
  • A thirty-day backup queue – 30 days of MX backup service included
  • Chat, email and phone support is available 24/7

Email-borne attacks include ransomware, phishing, malware, and more, and they are becoming more common and more sophisticated every day. DuoCircle’s Advanced Threat Defense pulls together all the tools your organization needs in a single integrated solution to protect and defend your employees from these threats. Using an intelligent classification engine, we detect these threats in real time and defend against them with the highest possible level of accuracy. Ransomware is stopped in its tracks before it can wreak havoc on your network.

Protecting Email in the Cloud – Challenges and Solutions

Moving from a traditional on-site email server to a cloud-based solution is essential for businesses wishing to lower the cost of system management and IT resources and to reduce the capital expenditure associated with an in-office mail server. The benefits of cloud email are evident: near 100% uptime, no software upgrades or maintenance tasks for administrators, and the latest features and innovations seamlessly deployed into your accounts.

But simply moving your email data without a plan for securing it creates cybersecurity vulnerabilities. The very accessibility of cloud-based email makes it a tempting target for attackers, and traditional security approaches are not sufficient to protect it. To make the cloud a safer place to store and collaborate, companies need to change their thinking about cyber security. Secure cloud-based solutions exist, but as an adjunct to, rather than embedded within, existing cloud application frameworks.

What measures can be taken to protect email in the cloud? Third-party security solutions are generally the answer, but what criteria should you base your decision on? What are the best practices for securing your email, and how should they be implemented? Choosing an email security solution can be daunting, since there are many products available. The best way to begin is to educate yourself on the risks inherent in cloud-based email, and their possible solutions.

The Threat of Attack is Real

Companies are under attack every day. Nearly 80% of corporations have been negatively affected by some form of cyber attack according to some sources [1], and over 90% of those attacks begin with an email. Corporate-wide antivirus software and powerful firewalls are essential for protecting what’s inside your network, but with most email shifting to the cloud, protection has to follow the mail and the endpoint rather than rely on the network perimeter.

Corporate IT has to protect phones, laptops, tablets and computers in geographically diverse places, and protecting the perimeter alone is not sufficient. Any serious cloud-based email security solution must provide the following to be worthy of consideration.

Protection Against Malware and Ransomware

No matter how malware, viruses, ransomware, or other threats enter your system, they must be quickly eradicated. Any serious provider of cloud-based security must make malware detection and elimination a top priority for their clients. A big part of any malware defense is protection against so-called zero-day attacks.

A zero-day attack is one that takes advantage of a previously unknown security vulnerability, for which no patch or signature yet exists. Such vulnerabilities are more common than one might think, and may take weeks or even months to be detected and fixed. Often, by the time steps are taken to eliminate the threat, the vulnerability has already been exploited and the damage done.

Successful zero-day prevention therefore cannot rely on signatures of known exploits. It depends on analysing hundreds of characteristics of each incoming file (static analysis) and basing a risk decision on them: in other words, predicting that a file is malicious before the exploit it carries has been seen and catalogued.

Ransomware is an insidious form of attack that each year costs corporations more than a billion dollars. Six out of every ten malware payloads were ransomware in 2017, with companies being subjected to this form of attack every 40 seconds on average [2].

There are many varieties of ransomware, with the number increasing every day as the ingenuity of attackers rises to meet the defences of a more sophisticated business community. Whatever the variant, email-borne ransomware follows the same basic pattern: an email is sent to an employee containing an attachment from an apparently trusted source. The attachment might look like a document, invoice, or other innocent business communication with a specific call to action.

When the user opens the seemingly innocuous attachment, a payload runs (if the system is vulnerable, or if the user enables the macros the document asks for) that encrypts information on the local computer and on any network shares it can reach. The user is then shown a dialog box or popup window informing them that their information is locked and that they must pay a ransom to regain access to it. There is usually a deadline by which the ransom must be paid, with instructions on how to send the money to have the files restored.

Spam prevention and Quarantine

Beyond being a constant irritation that fills up mailboxes and distracts users from their daily tasks, spam is also a security threat. Many spam emails carry malware, ransomware, or viruses, or are phishing attacks which, if allowed to propagate on your network, can bring business to a standstill and devastate the corporate bottom line.

In a cloud-based spam filtering solution, spam is stopped before it reaches the corporate network. This keeps spam out of employee inboxes, which in turn denies malicious content the opportunity to spread across your network. A cloud-based anti-spam solution also has the benefit of being free of hardware costs and maintenance overhead, as well as software costs. Such a solution is an easily implemented and affordable way to keep your network free of spam and the email-borne threats it may carry.

Detection and Protection Against Spoofed Domain Names

Sometimes the simplest technique results in the most damage. In a spoofing attack, the attacker deliberately forges the domain name or email address in the From: or Reply-To: header of an email. This is very commonly seen in spam, but is also a powerful technique in phishing emails: when users see a “trusted” sender, they are more likely to click a malicious link.

Another form of spoofing is altering the domain name in an embedded link, for example swapping “paypal” (ending in a lowercase L) for “paypaI” (ending in an uppercase I). This type of spoofing is very difficult to detect by eye, but detection software can readily find such bogus links and warn the user before they navigate to the site.
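The look-alike domain problem is described twice on this page (in the Domain Name Spoofing section above and again here). As an added example that is not DuoCircle's code, the following Python shows one way detection software finds such links: it reduces a hostname to a "skeleton" in which characters that look alike collapse onto one representative (the approach of Unicode Technical Report 39), then compares that skeleton against the skeletons of protected brand domains. It catches the “paypaI” case from the text, digit substitutions such as paypa1, “rn” standing in for “m”, Cyrillic letters that render like Latin ones, and Punycode (xn--) labels that hide such letters. The PROTECTED list, the confusable table (deliberately partial) and the demo URLs are constructed for this example.

```python
"""Look-alike (homoglyph) domain detection.

Added example, not DuoCircle's code. A hostname is normalised to a skeleton
(Unicode TR39 style) so that visually confusable variants compare equal, then
looked up against the skeletons of protected brand domains. PROTECTED and the
sample URLs are constructed; the confusable table is intentionally partial.
"""
import unicodedata
from typing import Dict, Optional
from urllib.parse import urlsplit

# Brands to protect (constructed list; a deployment would use its own).
PROTECTED = {"paypal.com", "microsoft.com", "duocircle.com"}

# Each confusable maps to the character it imitates. Applied after lower-casing,
# so a capital I has already become "i" by the time it is mapped onto "l".
# translate() is single-pass, so every entry maps straight to its final form.
CONFUSABLES = str.maketrans({
    "i": "l", "1": "l", "\u0131": "l", "\u0456": "l",   # i, 1, dotless i, Cyrillic i
    "0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",        # Cyrillic а е о
    "\u0440": "p", "\u0441": "c", "\u0445": "x", "\u0443": "y",  # Cyrillic р с х у
})


def skeleton(host: str) -> str:
    """Normalise a hostname so that visually confusable variants compare equal."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")   # Punycode -> Unicode
            except UnicodeError:
                pass                                           # keep raw label if invalid
        label = unicodedata.normalize("NFKC", label).lower()   # fold full-width forms etc.
        label = label.replace("rn", "m").replace("vv", "w")    # multi-character confusables
        labels.append(label.translate(CONFUSABLES))
    return ".".join(labels)


def registrable_domain(host: str) -> str:
    """Last two labels of a host. Adequate for the brands above; a real system
    should use the Public Suffix List so that co.uk-style suffixes work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


_PROTECTED_BY_SKELETON: Dict[str, str] = {skeleton(d): d for d in PROTECTED}


def lookalike_brand(url: str) -> Optional[str]:
    """Protected domain that the URL's domain imitates, or None.

    The genuine protected domain itself returns None: it is not an imitation.
    A scheme-less input such as "paypaI.com/login" is accepted.
    """
    parts = urlsplit(url if "//" in url else "//" + url)
    host = parts.hostname
    if not host:
        return None
    domain = registrable_domain(host)
    if domain in PROTECTED:
        return None
    return _PROTECTED_BY_SKELETON.get(skeleton(domain))


if __name__ == "__main__":
    samples = ["https://www.paypaI.com/login", "http://paypa1.com",
               "https://rnicrosoft.com/reset", "https://www.paypal.com/",
               "https://example.org/"]
    for u in samples:
        print(f"{u:36} -> {lookalike_brand(u)}")
```

Because the protected domains are passed through the same skeleton function as the suspect domain, the table only has to be consistent, not perfect: microsoft.com and rnicrosoft.com both reduce to the same string even though neither is spelled that way. Punycode is decoded before skeletonising, which is what catches the Cyrillic-а version of paypal.com that a browser would display as the real thing.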

Phishing Protection

Every day brings more phishing and spear phishing threats, which cause disruption and damaging loss of revenue to companies worldwide. These scams are crafted with the sole purpose of getting your employees to reveal passwords, security credentials, business secrets, and other information that would otherwise remain secure. Phishing is responsible for the vast majority of successful attacks against corporations and individuals today.

The negative effect on productivity and profitability cannot be overstated. The costs of a security breach and the resulting loss of information can run into the millions, compromising or utterly destroying the reputation of your business and undermining customer loyalty. Any cloud-based email security provider must help protect your organization from the rising threat of these attacks, so you can avoid the very real costs of being unprotected.

Blocking of Malicious Attachments

Malicious email attachments are an incredibly dangerous threat to today’s business, and their use is on the rise. Such attachments are typically disguised as documents, PDFs, audio or video files, and so on.

They are crafted specifically to fool the unsuspecting user into opening them; once opened, they launch their payload. The effects vary but are always damaging: they may install viruses, kick off ransomware attacks, establish advanced persistent threats, or lie low and stage attacks against partner corporations.

In the case of Locky ransomware, for example, the attack begins with an “invoice” attached to an email. When the invoice is opened, its content appears scrambled, and the user is told to enable macros in order to read it. Once macros are enabled, the payload goes to work, using AES encryption to lock a wide variety of file types.
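As an added example (not DuoCircle's code), the following Python shows the three attachment checks a gateway applies before a file like the Locky “invoice” reaches a mailbox: executable and script extensions, double extensions such as invoice.pdf.exe that rely on Windows hiding the real extension, and Office documents that carry a VBA macro project, which is exactly what the Locky lure needs the user to enable. The policy lists and the in-memory .docm sample are constructed for this example; the macro check itself works on real OOXML files, since Word stores a document's VBA code in a part named vbaProject.bin inside the zip container.

```python
"""Attachment screening for an email gateway.

Added example, not DuoCircle's code. Three checks: blocked (executable/script)
extensions, double extensions that masquerade as documents, and Office OOXML
files that embed a VBA project. The .docm sample is built in memory so the
example runs offline; the extension lists are this example's own policy.
"""
import io
import zipfile
from typing import List

BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
                      "vbs", "vbe", "wsf", "hta", "ps1", "jar", "lnk"}
# Extensions users expect to be harmless; an executable extension after one is a lure.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}
# OOXML containers. Any of them can carry VBA, although only the *m forms should.
OOXML_EXTENSIONS = {"docx", "docm", "dotm", "xlsx", "xlsm", "xltm", "pptx", "pptm"}


def extensions(filename: str) -> List[str]:
    """All dot-separated extensions, lower-cased: 'Invoice.PDF.exe' -> ['pdf', 'exe']."""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    return parts[1:] if len(parts) > 1 else []


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) document contains a VBA project part."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def screen_attachment(filename: str, data: bytes) -> List[str]:
    """Return the policy violations for one attachment; an empty list means allowed."""
    findings: List[str] = []
    exts = extensions(filename)
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        findings.append(f"blocked extension .{exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS and exts[-1] in BLOCKED_EXTENSIONS:
        findings.append(f"double extension masquerading as {exts[-2]}")
    if exts and exts[-1] in OOXML_EXTENSIONS and has_vba_project(data):
        findings.append("office document contains VBA macros")
    # Windows executable (MZ header) hiding behind a harmless-looking name.
    if data.startswith(b"MZ") and (not exts or exts[-1] not in BLOCKED_EXTENSIONS):
        findings.append("executable content (MZ header) with non-executable name")
    return findings


def make_docm(with_macro: bool) -> bytes:
    """Build a minimal OOXML container in memory (constructed test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)   # stand-in for compiled VBA
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("Invoice_2018.pdf.exe", b"MZ\x90\x00"),        # constructed: executable posing as a PDF
        ("invoice.docm", make_docm(with_macro=True)),  # constructed: macro-bearing document
        ("report.docx", make_docm(with_macro=False)),  # constructed: clean document
        ("quarterly.pdf", b"%PDF-1.4 ..."),            # constructed: ordinary PDF header
        ("photo.jpg", b"MZ\x90\x00"),                  # constructed: executable renamed to .jpg
    ]
    for name, data in samples:
        print(f"{name:22} -> {screen_attachment(name, data) or 'allowed'}")
```

Flagging any OOXML file with a vbaProject.bin part, rather than only .docm, matters because the file extension is attacker-controlled while the zip contents are not; a macro-bearing document renamed to .docx is still opened by Word with its macros intact.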

Real-time logging

It is vitally important that administrative staff have access to all messaging logs for email gateways, forwarding, backup, and outbound SMTP, both to ensure that these services are working as intended and to debug message delivery issues.

The ability to log cloud based email events in real time allows you to see how your security provider is dealing with threats, and monitor the actual level of threat over time in order to tailor the system to your needs.

In fact, the ability to view logs is one of the capabilities of cloud-based email security that makes it so attractive to IT administrators; real-time access to this information is limited or delayed in hosted mail platforms such as Office 365 and Gmail. Cloud-based email logging and monitoring can be used to:

  • Identify metrics and events to determine activities that need to be monitored. Not all events are equally important. Logging can help you determine those events that most impact the bottom line.
  • Monitor response times and frequency of use to give employees a better user experience and get a more detailed picture of performance.
  • Troubleshoot during testing, either in the implementation phase of migrating email to the cloud or after an outage, to determine the causes of failure.

Scalability

The solution must be able to grow along with your needs as a corporation, and should have a tiered pricing model based on number of employees rather than on volume of email. Pricing should also be competitive, all other factors considered. Many security providers offer the same level of security, but their pricing varies widely, and some hide increased expense behind low “by volume” rates that cause costs to climb steeply as email volume grows.

Backup Services

Your email servers may go offline for dozens of possible reasons, and when that happens, the email on them is inaccessible to users. Internet connection outages, server reboots, installation and configuration of software and patches, or even a complete catastrophic failure of mail servers must not be allowed to bring corporate communications to a standstill. There must be a disaster recovery plan in place that allows continued access to email in such an event. Part of that plan should be a backup service that allows access to email even when the servers are down.

In the best case, such systems do everything for you in the background. When your primary server becomes unreachable, incoming email is queued in the cloud, so failover is seamless. Users are typically given access to the queued email through a web portal, and when the outage is resolved, everything the backup system queued is delivered to your servers. The best solutions hold mail for up to 30 days and allow unlimited storage of email and attachments during the downtime.

24/7 Knowledgeable Support

The best cloud based email security in the world is useless unless there is support available on an ongoing basis. Such support should be given by qualified individuals willing to work with you to resolve not only typical FAQ-based issues, but any specific one-off issues unique to your environment.

Advanced Threat Defense From DuoCircle Protects Against Email Based Threats.

DuoCircle Advanced Threat Defense pulls together all the tools your organization needs in a single integrated solution to protect and defend your employees from spam, malware, ransomware, phishing, and malicious attachments. Using an intelligent classification engine, we detect these threats in real-time and defend against them with the highest possible level of accuracy. Threats are stopped in their tracks before they can wreak havoc on your network.

Advanced Threat Defense from DuoCircle provides:

  • Comprehensive Phishing Protection
  • Multi-Layered Anti-Virus and Malware protection to help guard against zero-day attacks
  • Spam protection that eliminates 99% of all incoming spam with a false positive rate of less than one in ten thousand.
  • Unlimited inbound message volume, with tier-based pricing based on company size, rather than number of emails.
  • Protection against domain name spoofing
  • Blocking of malicious attachments.
  • Real-time activity logs, with access to the email queue and time of click reporting
  • Smart Adaptive Quarantine, which puts the burden of sorting spam messages on the sender rather than the recipient.
  • A thirty day backup queue – 30 days of MX backup service included
  • Chat, email and phone support is available 24/7

[1] Cybersecurity’s Big Disconnect, https://www.business.att.com/cybersecurity/archives/v6/

[2] Kaspersky Security Bulletin 2016, https://securelist.com/kaspersky-security-bulletin-2016-story-of-the-year/76757/

Ransomware Attacks! Will You Be Ready?

Every day, organizations around the world are subjected to ransomware attacks. These attacks take many forms; in fact, their variety and ingenuity increase as the business community becomes more aware of the challenges and more adept at meeting them. But most ransomware follows the same basic pattern: an employee receives an email containing an attachment.

The email is written to coax the user into opening the attachment: it purports to be time-sensitive information from a superior or an invoice from a vendor, for example. When the attachment is opened, malicious code runs that encrypts information on the local computer. The user is then greeted with a dialog box or window informing them that their information is locked and that they must pay a ransom to regain access to it. Learn more about ransomware attacks and see how ransomware protection can help your organization.

Even though a ransomware attack directly affects only the user that opens it, the entire organization can suffer because of mapped network drives or even shared cloud storage.

The challenge is that ransomware attacks grow more sophisticated as corporations become more aware of the problem. Since ransomware is most often launched via email, defensive strategies must focus on email security.

By the time a business realizes it is the target of a ransomware attack, the damage has already been done. Once a user clicks a malicious link or attachment, the data on that employee’s computer is locked, and some form of ransom must be paid to unlock it. In about 91% of cases, the vector for ransomware is incoming email, often a spear phishing message that purports to be from a sender known and trusted by the victim.

Examples of Ransomware Attack – Variations on a Theme

While there are many different types of ransomware, all follow the same basic pattern and have the same goal: to extort payment from your organization by making the information vital to your organization’s success inaccessible.

Here are some of the more commonly seen variations on the theme of data kidnapping.

CryptoLocker

CryptoLocker and its spiritual successor, CryptoWall, share the dubious distinction of being the reason for the widespread awareness of ransomware in recent years. Some form of ransomware has existed since the early days of the internet, but it only became a household word with the emergence of CryptoLocker in 2013. After the botnet distributing the original CryptoLocker was taken down in 2014, CryptoWall and its successors emerged, and variations on the CryptoLocker approach are still widely used today. The original CryptoLocker attacked files on Microsoft Windows computers, encrypting them with public-key cryptography and keeping the private keys on the CryptoLocker servers, so that victims could not recover their files without paying.

Crysis

Crysis, like most newer forms of ransomware, is capable of encrypting local drives, shared network drives, and removable media, so it can spread throughout a corporate network extremely quickly. It uses strong encryption that cannot practically be broken within any useful time frame. Double file extensions (for example a name ending in .pdf.exe, where Windows hides the final extension by default) are usually used to make the file appear non-executable. Crysis has also been disguised as an application installer as well as being sent as an email attachment.

CTB-Locker

CTB-Locker takes a “franchise” approach to ransomware, outsourcing distribution and infection to affiliates, who are cut in for a share of the profits. This approach ensures rapid spread of infection and maximizes revenue within a short time frame.

Jigsaw

In addition to encrypting files, Jigsaw deletes them progressively until the ransom is paid. After one hour, a single file is deleted, and the number of deleted files increases with each hour. After 72 hours, all remaining files are deleted.

Locky

Locky’s attack begins with an “invoice” in an email. When the invoice is opened, its content appears scrambled, and the user is told to enable macros in order to read it. Once macros are enabled, the payload goes to work, using AES encryption to lock a wide variety of file types.

Petya

Petya takes a wholesale approach: rather than encrypting individual files, it overwrites the master boot record with its own loader, which encrypts the file system’s master file table. After the computer restarts, the operating system no longer boots and the whole disk is inaccessible.

TorrentLocker

TorrentLocker (which presents itself as CryptoLocker in its ransom notes) is usually sent as an attachment to spam email targeted at specific regions. It uses AES to encrypt files, and also harvests email addresses from the victim’s contact list in order to propagate itself further.

WannaCry

WannaCry spreads using EternalBlue, an exploit for a vulnerability in Microsoft’s SMBv1 implementation (patched in March 2017 as MS17-010), and has become one of the most damaging and widespread examples of ransomware in the world; unlike the variants above, it needs no email lure to move from one machine to the next. Over 125 thousand companies in over 150 countries have been affected by this malware, which demands ransom payment in Bitcoin and also installs a backdoor on infected systems for future access.

What Can Be Done About the Threat of Ransomware?

The only adequate defense against ransomware attacks is two-pronged: strong ransomware protection technology must be coupled with secure and accessible email backup and archiving that gives users access to email in the event the organization falls victim to attack. DuoCircle’s Advanced Threat Defense is a multi-layered approach to email threat protection that pulls all the features you need together in a single integrated solution to fight…

  • Malware
  • Ransomware
  • Phishing attacks

With Advanced Threat Defense, DuoCircle protects your employees (and your entire enterprise) from spam, malware, ransomware, phishing, and malicious attachments. Our sophisticated classification engine detects and defends your entire organization against these threats in real-time, and with the highest possible level of accuracy.

Advanced Threat Defense from DuoCircle provides:

  • Protection from malware and zero-day attacks, with 100% availability.
  • Spam protection that eliminates 99% of all incoming spam with a false positive rate of less than one in ten thousand.
  • Unlimited users and unlimited inbound message volume
  • Protection against domain name spoofing
  • Blocking of malicious attachments.
  • Real-time activity logs, with access to the email queue and click reporting
  • Smart Adaptive Quarantine, which puts the burden of sorting spam messages on the sender rather than the recipient.
  • A thirty-day backup queue – 30 days of MX backup service included
  • Chat, email and phone support is available 24/7

DuoCircle Brings High Performance Enterprise Phishing Protection Services to Small Businesses on a Budget

DuoCircle LLC Announces Comprehensive Phishing Protection Services as a part of its new Advanced Threat Defense Suite: a cost-effective, multi-layered approach to controlling spam, malware and phishing attacks in corporate email.

San Diego, CA, 22 June 2018 – Today DuoCircle LLC announces Link Click Protection, a comprehensive phishing protection service. Link Click Protection protects users against malicious URLs they may click on in email, at a fraction of the cost of similar services.

According to Brad Slavin, CEO of DuoCircle, “Last year was a rough year for malware and phishing. 2017 kicked off with hacking and malware infections making news in early January, when an effective phishing scam targeted Google Gmail users by tricking them into sharing their login credentials. By the end of the year, these types of brazen frauds had not slowed down; in fact, they had gotten worse.”

“Hackers have evolved with technology, finding effective ways to get their hands on sensitive data to exploit it in any way they please,” adds Slavin. “Today’s phishing campaigns are based on URLs with historically good reputations. This allows malicious emails to get past the built-in protections that exist in most web browsers and bypass antivirus malware checks.”

Link Click Protection checks each link against multiple URL reputation databases every time it is clicked, so a link that was clean when the message was delivered but has since turned malicious is still caught. While some web browsers, such as Google Chrome, do respond to new threats within hours, Link Click Protection detects threats in real time.

“DuoCircle is the only company bringing this level of threat protection to the SMB market,” says Slavin. “Other companies are charging a price per user per month, where we charge a set fee based on company size.” DuoCircle offers very competitive pricing for small businesses: many times lower than competitors’ offerings for the same level of spam filtering and phishing protection.

DuoCircle’s Link Click Protection service isn’t bound to a particular email client-server application either (like some higher-priced enterprise solutions). Link Click Protection works using any email client, from any device, anywhere.

###

About DuoCircle

DuoCircle LLC (https://www.duocircle.com) is an email security provider for inbound and outbound email routing. Headquartered in San Diego, California, DuoCircle protects over 25,000 businesses and millions of mailboxes worldwide with business critical messaging for complex environments.

Contact

Sales & Support: (+1) 855-700-1386

support@duocircle.com

DuoCircle.com

6060 Nancy Ridge Dr

San Diego, CA 92121

DuoCircle Sponsoring LetsEncrypt.org

DuoCircle’s Advanced Threat Defense automatically generates SSL-certified domains for anti-phishing protection

At DuoCircle, we prioritize privacy and understand the need for encryption on the Web. We are passionate advocates for free speech and for making encrypted connections ubiquitous online. We are happy to announce our sponsorship of Let’s Encrypt, a market and thought leader in SSL and privacy online. While we are not a web hosting company that would benefit from issuing an SSL certificate with each website, we still believe in using best-of-breed technology in all of our offerings. We specifically engineered our Advanced Threat Defense system for malware and phishing protection to use Let’s Encrypt certificates for our client domains.

Some background on why Let’s Encrypt is important to the Internet as a whole: it gives users the ability to obtain and renew certificates for domain names they control automatically, without additional IT resources. Instead of going through the complex process of obtaining a commercial SSL certificate, users can certify as many domain names as they need at no cost (subject to Let’s Encrypt’s rate limits).

While this is a useful cost-saving option for web developers and designers, it has wider cybersecurity applications for enterprise IT professionals. In the enterprise IT environment, the risk of phishing and domain name forgery is high, and this is why we have blended Let’s Encrypt certificates with our Phish Protection: enterprise users can leverage Let’s Encrypt technology to immediately and automatically generate secure domain names that are used to track clicks to external websites.

When combined with Advanced Threat Protection, it gives users an immediate way to reliably verify safe links and domains. PhishProtection is unique in allowing a custom-branded, SSL-certified redirection domain name which helps train users about phishing scams. 

Because LetsEncrypt’s services are critical to our Advanced Threat Defense system, we have joined some of the tech industry’s most reputable names – such as Mozilla, Cisco, and Google – in sponsoring their initiative to offer free, automatic SSL certification services.


How automatic SSL certificates help thwart email phishing

The data on cybersecurity is clear: email is the number one threat vector for malware, ransomware, business email compromise, and other sophisticated cyber attacks.

In a typical ransomware scenario, cybercriminals will use publicly available information to masquerade as trusted email contacts and trick employees into downloading ransomware executables. The ransomware will then spread from the first system it infects to all of the organization’s systems, including network systems and backups.

Upon reaching a critical volume, the cybercriminal will activate the ransomware application and encrypt all of the organization’s files, demanding payment for the decryption key.

This strategy often works because employees deal with dozens or even hundreds of emails per day and cannot comprehensively verify them all. Only a comprehensive threat detection system that can determine the origin servers of incoming emails can reliably verify incoming messages.

Today’s most pressing cybersecurity challenge is reliably and accurately detecting threatening emails before users download the files they contain. LetsEncrypt’s automatic SSL certificate service represents a key step forward towards that goal.

Forging an email is surprisingly easy. Today’s cybercriminals have no problem forging emails from reputable, well-known companies or even from executives within the corporations they seek to attack.

This makes it difficult for employees to determine which emails can be trusted. An urgent message from the company CEO may actually be a sophisticated cyber attack, and most employees would not think twice before opening it. There are tools like DMARC, SPF and DKIM that can protect against these easily spoofed messages, but they do require IT’s intervention to set up and maintain.

PhishProtection uses LetsEncrypt to give organizations the ability to register and certify trusted domain names automatically. This makes it more difficult for cybercriminals to forge those domains, even when using IDN homograph attacks.

Accessing a registered, encrypted domain name brings up a message that looks like this:


By educating their user base to look for encrypted domains, IT administrators can mitigate the threat of being victimized by email phishing. Employees, users, and stakeholders have clear trust indicators to look for before opening up links and email attachments.

Phish Protection offers comprehensive threat defense

DuoCircle Phish Protection combines the innovative phishing, malware, spam, and spoofing protection of our Advanced Threat Defense product into a scalable email security solution for small businesses, corporations, and enterprises.

In today’s cybersecurity environment, providing comprehensive phishing defense requires generating branded, SSL-certified domain names that let users know they are accessing a trusted site.

In practice, this solution applies a secure subdomain to your existing domain name. Therefore, http://YourDomain.com would become https://URLF.YourDomain.com. This lets you demonstrate to users and employees that your domain is protected.

While this may seem like a subtle difference, it offers significant defense against a broad variety of cyber attacks. Being able to reliably inform users that the website they are visiting is secure carries important implications for the development of a robust cybersecurity policy.

Hackers continue to flood the Internet with fake domain names. Securing your company’s domains against domain name forgery gives you a critical advantage towards preventing email forgery and cyberattack.

Phish Protection for email servers offers world-class protection from phishing attacks in a scalable flat-fee format. All protection levels come with 24/7 support, with supported userbases of between 1 and 750 individual employees.


Domain Name Forgery is Alive and Well – Find Out How to Protect Yourself

Cybercriminals are forging domain names to trick unsuspecting users

Not sure what an IDN forgery is? Click here and take a look at your browser’s address bar… go ahead, I’ll wait.


Most modern browsers will display “Apple.com” in the address bar, but it’s obvious that this isn’t the real Apple.com. This particular example is well documented and the demo may be shut down by the time you read this… but the real question is: what happens when a cybercriminal uses the same approach to trick your users into sending sensitive data, such as login and password credentials, to a website masquerading as your own company’s brand?

This is the danger of what cybersecurity specialists call the IDN Homograph Attack. It is especially common in email phishing campaigns because email users tend to click the embedded links in emails instead of writing out URLs in their browser search bars – it’s a very natural thing to do and people rarely think twice about it.

These forged websites can be made to look exactly like their target website, and even get a trusted green lock from their SSL certificate! It is very difficult to protect users from IDN homographs. Broad strategies don’t work, and it’s nearly impossible for you to manually curate a customized list of IDNs for the sites your users visit, or even for your own corporate domain.

With the release of our phishing protection service we offer protection against homograph attacks that is customized to your domain and host names. Even with our protection, understanding how IDN homographs work is key to protecting yourself and others from being exploited by clever cybercriminals.

What is an IDN homograph and how does it work?

IDN stands for Internationalized Domain Name, which broadly refers to domain names written in languages other than English.

Since the Internet was invented in the United States and the World Wide Web was invented in Great Britain, it makes sense that the network addressing systems used by Sir Tim Berners-Lee, Vint Cerf, and Bob Kahn were written in the English language.

The obvious limitations of a global digital communication system that only supports a single language became clear pretty quickly. People in countries that don’t use the Latin alphabet had no means of representing their respective languages in the domain name system.

The Internet’s early architects knew this, and began working on a solution. After a lengthy and, sometimes, culturally tone-deaf development effort, undertaken mostly by American engineers who did not always understand the languages they were attempting to develop support for, Punycode was born.

The problem here is that some languages use characters that look exactly the same as characters in the Latin alphabet. The Russian language, for instance, uses the Cyrillic character “Н” for the sound English speakers associate with the letter “N”.

The Cyrillic “Н” and the Latin “H” are homographs of one another. Web browsers, designed for multi-lingual support, show both characters as written.

So, a cybercriminal can register a counterfeit website that looks exactly like a legitimate website by replacing one or more letters with a homograph. There is nothing that prevents such a website from receiving SSL certification, so users who click on links to arrive at that site have no way of knowing whether it is the legitimate website or not.

In most cases, cybercriminals use these fraudulent websites for email phishing. But that is not the only use for this attack vector. Fraudulent websites made by using homographs can be used for:

Any one of these malicious purposes can easily become an existential threat for your business. The key is to protect yourself against domain name forgery – but how?

Who can protect you against IDN spoofing?

At first glance, it might seem like ICANN, the organization that coordinates domain name registration on the Internet, should be able to implement some kind of solution to this problem. In reality, beyond a 2005 announcement and request for public comment, the organization’s hands have been tied on the matter.

Browser developers at Apple, Google, Opera, and Mozilla are in a similar position. Limiting the accessibility of foreign character sets implicitly makes their products more difficult for non-English-speaking users – they just can’t do it without excluding hundreds of millions of potential customers.

To be fair, most browsers do attempt to protect users against IDN homographs, but they don’t always do so automatically and they absolutely will not protect you if someone is using your own domain name as an IDN. In Firefox, for instance, you have to manually enable protection by accessing browser configuration code – something that non-technical users are unlikely to feel comfortable doing.

This puts the responsibility squarely on users’ shoulders. It also means that IDN homograph attacks are likely to continue unabated or even increase in frequency, especially when email is used as a vector.

Fortunately, an email security vendor like DuoCircle can mitigate the threat of domain name spoofing. Since there is no elegant solution to the IDN problem, we go about it the hard way.

How to protect users against domain spoofing

The peculiar set of circumstances that led to IDN homographs becoming a tool for cybercriminals makes preventing homograph attacks difficult. Many email security vendors apply broad phishing protection that includes well-known homograph-based website forgeries, but offer no comprehensive solution for preventing new homograph attacks.

One user-oriented solution is to compel users to use bookmarks or manually type in URLs when connecting to websites. The problem with this approach is that some users will still click on links embedded in email messages simply because it saves a few seconds of time – and cybersecurity vulnerabilities only have to be exploited once to cause trouble.

Our solution is designed to prevent business email compromise, a $5 billion industry that often relies on homograph attacks to impersonate trustworthy websites and pilfer victims’ bank accounts.

What we do is simple. We create a customized list of IDNs for your domain names and then add these to a blocked list in our phishing protection suite. For customers using our Advanced Threat Defense with Phishing Protection services, this automatically blocks cybercriminals attempting to counterfeit a domain name associated with one of our customers.

By creating a customized list of potential IDNs, we can catch suspicious behavior before our customers give up sensitive information or download malware. We do this for every one of our customers, regularly curating the list so that domain name forgeries don’t go undiscovered.
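The two passages above (how a homograph substitutes a look-alike character, and checking links against a curated list of protected domains) can be exercised with a short checker. The following is an added example, not DuoCircle’s code or the Phish Protection product: it decodes Punycode (`xn--`) labels in a link’s hostname, flags labels that mix scripts (the Cyrillic “Н” beside Latin letters case from the text), and folds a hand-picked subset of confusable characters to their ASCII look-alikes so the result can be compared with a defender’s list of protected brand domains. The `PROTECTED_DOMAINS` set, the `CONFUSABLES` table and the finding strings are constructed assumptions; the full Unicode confusables data is much larger than the subset shown.

```python
"""Added example (not DuoCircle code): spot IDN homograph look-alikes in e-mail links."""
import unicodedata
from urllib.parse import urlsplit

# Constructed list of domains a defender wants to protect from look-alikes.
PROTECTED_DOMAINS = {"apple.com", "example.com"}

# Hand-picked subset of visually confusable characters -> ASCII look-alike.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u041d": "H",   # Cyrillic capital En, the page's example
    "\u03bf": "o", "\u03c1": "p",   # Greek omicron and rho
}


def hostname_of(url):
    """Host part of a URL, case preserved (urlsplit().hostname would lowercase it,
    turning the capital Cyrillic En into the visually different lowercase form)."""
    netloc = urlsplit(url).netloc
    return netloc.rsplit("@", 1)[-1].split(":")[0]


def to_unicode_host(host):
    """Decode Punycode (xn--) labels to their Unicode form; leave other labels as-is."""
    labels = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def to_punycode_host(host):
    """Encode a Unicode hostname to the ASCII form a resolver actually sees."""
    return host.encode("idna").decode("ascii")


def scripts_in_label(label):
    """Set of scripts (first word of the Unicode character name) used by letters in a label."""
    scripts = set()
    for ch in label:
        if ch == "-" or ch.isdigit():
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def skeleton(host):
    """Fold confusable characters to their ASCII look-alikes, then lowercase."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host).lower()


def analyse_link(url):
    """Decode the host in url and list the homograph-related findings (constructed policy)."""
    host = hostname_of(url)
    uhost = to_unicode_host(host)
    findings = []
    for label in uhost.split("."):
        used = scripts_in_label(label)
        if len(used) > 1:   # a single label drawing letters from two scripts
            findings.append(f"mixed-script label {label!r}: {sorted(used)}")
    folded = skeleton(uhost)
    if folded in PROTECTED_DOMAINS and uhost.lower() != folded:
        findings.append(f"look-alike of protected domain {folded}")
    return {"host": host, "unicode_host": uhost,
            "punycode_host": to_punycode_host(uhost), "findings": findings}


if __name__ == "__main__":
    for link in ("https://apple.com/", "https://xn--pple-43d.com/login", "https://\u041dome.com/"):
        print(analyse_link(link))
```

A mail gateway would run `analyse_link` over every URL extracted from a message body and treat a non-empty `findings` list as a reason to rewrite or quarantine the link; the Punycode form is worth logging alongside the Unicode form because that is the string that appears in DNS and in TLS certificates.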

Shared Hosting IP Blacklist, There is a Solution

Hosting Providers should outsource their Outbound SMTP Services to prevent IP reputation problems

As a hosting provider, your email IP reputation is critical to customer satisfaction: if your users’ email does not make it to the inbox, your customer support department gets flooded with tickets. Just one compromised account can wreck your reputation and have your support team reeling to resolve the RBL listing or other delivery issue.

There is a better way to handle your customers’ outbound SMTP, and that is to allow a cloud provider to become your smarthost or mailhop. Unfortunately, traditional SMTP services will see the traffic from the exploited host and shut down your entire account, so you’ll have to find a provider that specifically handles hosting, VPS or colocation SMTP traffic.

So what can you do?

Since you can’t check every single email that passes through your systems, trying to stop spammers from exploiting your servers is not a practical solution. No matter how quickly you respond, you’ve probably already delivered thousands of messages which will be damaging your reputation. Instead, we can help you to configure an outbound SMTP service that identifies bad actors at the user level, so that you can control reputation damage while keeping your legitimate users happy with your service.

Our outbound SMTP service for hosting providers achieves this by doing two very important things:

First, we analyze trends to identify where the spam originated.
Second, we identify the origin accounts so that our clients can exclusively take action on bad users.

Read on to learn how this helps you fight spam accounts and earn a stellar reputation.

Outbound SMTP Services Spot Spammy Users with Trend Analysis

Since you can’t physically prevent spammers from misusing your resources and manually verify every single email that originates from your servers, there is only one way to identify spam. You must analyze large data patterns to find out where the spam originates.

Of course, this is easier said than done. If your IT resources are dedicated to the web hosting business, it is unlikely that you have substantial resources for spam filtering. Even if this isn’t the case, applying resources is complicated without a clear, established guideline generated from years of experience.

This experience is what puts DuoCircle at the forefront of outbound SMTP services. Additionally, cutting-edge advances in machine learning and compromised account detection provide the tools that we use to help our ISP clients identify red flags indicating server misuse.

These tools allow us to automatically check the content of each email originating from a customer’s server and to develop a digital fingerprint for that content. We then compare the digital fingerprint with an up-to-the-minute database of spam signatures already in the wild. If there is a sudden uptick in illicit activity, we can automatically trigger rate limiting or block the sender entirely.

We also use tools to track individual users’ message volume, recipient validation failures, and other signals of spam email content. Without the right tools and a healthy dataset, identifying spam email accounts is extraordinarily difficult. But, our approach makes it simple.

All of these approaches rely on catching spam email users before they begin hurting your reputation.

We actively monitor delivery messages, feedback loops and signals from the recipient domains as an additional way to identify spammers proactively and prevent them from hurting your reputation before the other signals are triggered.

From the moment you activate our service you’ll start delivering emails, and only the suspected messages will be scrutinized. We have had dozens of providers solve their IP blacklisting problems in under 30 minutes by routing traffic through us. It’s essentially a set-and-forget system once you have made some configuration changes on your servers.
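The signals described in this section (a content fingerprint compared against known spam, per-account volume, recipient validation failures, and rate limiting or blocking when they trip) can be sketched as a small scorer over relay logs. The block below is an added example and not DuoCircle’s service or its algorithms: the log format, the three sample accounts, the thresholds and the one-entry “known spam fingerprint” feed are all constructed for illustration, and a real deployment would tune the thresholds per customer and feed fingerprints from a live signature database.

```python
"""Added example (not DuoCircle code): score outbound accounts on a smarthost from relay logs."""
import hashlib
import re
from collections import defaultdict

# Constructed sample relay log (not real data): one outbound message per line.
SAMPLE_LOG = """\
ts=1 account=alice status=250 body=Hi Bob, invoice 1042 is attached as discussed.
ts=2 account=alice status=250 body=Thanks for the call today, notes follow.
ts=3 account=alice status=550 body=Hi Carol, resending the Q3 report.
ts=4 account=bob status=250 body=Weekly digest: 3 new posts this week.
ts=5 account=bob status=250 body=Weekly digest: 3 new posts this week.
ts=6 account=bob status=250 body=Weekly digest: 3 new posts this week.
ts=7 account=bob status=250 body=Weekly digest: 3 new posts this week.
ts=8 account=bob status=250 body=Weekly digest: 3 new posts this week.
ts=9 account=mallory status=250 body=Your account 58213 was suspended, verify now
ts=10 account=mallory status=550 body=Your account 90311 was suspended, verify now
ts=11 account=mallory status=550 body=Your account 77120 was suspended, verify now
ts=12 account=mallory status=250 body=Your account 11202 was suspended, verify now
ts=13 account=mallory status=550 body=Your account 34510 was suspended, verify now
ts=14 account=mallory status=550 body=Your account 65002 was suspended, verify now
"""

LINE_RE = re.compile(r"ts=(\d+) account=(\S+) status=(\d+) body=(.*)")

# Constructed thresholds; a real relay tunes these per customer.
MIN_MESSAGES = 5           # do not judge an account on fewer messages than this
MAX_BOUNCE_RATE = 0.5      # share of 5xx recipient rejections that triggers a block
MAX_DUPLICATE_RATIO = 0.8  # share of messages repeating an earlier fingerprint -> rate limit


def fingerprint(body):
    """Content fingerprint: lowercase, drop digits and whitespace, hash the rest.
    Personalised numbers (invoice ids, account numbers) then no longer change the hash."""
    normalised = re.sub(r"[\d\s]+", "", body.lower())
    return hashlib.sha256(normalised.encode()).hexdigest()[:16]


# Constructed stand-in for a feed of fingerprints already seen in spam campaigns.
KNOWN_SPAM_FINGERPRINTS = {fingerprint("Your account 00000 was suspended, verify now")}


def parse_log(text):
    """Yield (account, smtp_status, body) for each well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(2), int(m.group(3)), m.group(4)


def score_accounts(log_text):
    """Per-account signals and the action a relay would take on each account."""
    stats = defaultdict(lambda: {"messages": 0, "bounces": 0, "fingerprints": set(), "known_spam": False})
    for account, status, body in parse_log(log_text):
        s = stats[account]
        s["messages"] += 1
        if 500 <= status < 600:          # recipient validation failure / hard bounce
            s["bounces"] += 1
        fp = fingerprint(body)
        s["fingerprints"].add(fp)
        if fp in KNOWN_SPAM_FINGERPRINTS:
            s["known_spam"] = True
    report = {}
    for account, s in stats.items():
        n = s["messages"]
        bounce_rate = s["bounces"] / n
        dup_ratio = (n - len(s["fingerprints"])) / n
        if s["known_spam"]:
            action = "block"             # matches a signature already in the wild
        elif n >= MIN_MESSAGES and bounce_rate > MAX_BOUNCE_RATE:
            action = "block"             # mostly invalid recipients: harvested list
        elif n >= MIN_MESSAGES and dup_ratio >= MAX_DUPLICATE_RATIO:
            action = "rate_limit"        # bulk but unknown content: slow it down
        else:
            action = "ok"
        report[account] = {"messages": n, "bounce_rate": round(bounce_rate, 2),
                           "dup_ratio": round(dup_ratio, 2),
                           "known_spam": s["known_spam"], "action": action}
    return report


if __name__ == "__main__":
    for account, result in score_accounts(SAMPLE_LOG).items():
        print(account, result)
```

The three outcomes correspond to the section’s wording: `alice` sends varied mail and one bounce and is left alone, `bob` sends identical bulk mail with no bounces and is only rate limited, and `mallory` is blocked both because the normalised content matches the constructed spam feed and because most recipients rejected it. The per-account `report` is also the natural input for the notification email or webhook described in the next section.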

Outbound SMTP services identify bad users

By leveraging data and smart algorithms for server traffic analysis, we can generate a compelling “big picture” look at the IP reputation for your server.

The key to our solution is identifying spam email accounts and then empowering our clients to immediately take action to remedy the compromised accounts. Typically we can notify your team in a number of ways including:

  • We generate a human-readable email to your support address highlighting the offending account, with information on why we think the email is suspicious; or
  • We deploy an API webhook so that you can automate your response to a compromised account, or notify a system like Slack to alert your support team.

Sending an email is the easiest to implement and it works great where the compromised user base is small. If we are working with a larger ISP and the number of bad users sending spam email is high, then implementing the webhook method is much more efficient.

More importantly, we can shut down traffic from compromised accounts while generating these messages. This way, even if a client does not respond immediately, the account in question is blocked from sending out spam messages; it is always better to be safe than sorry.

If you are tired of triaging your IP reputation, our solution lets you ensure that your legitimate customers keep the high reputation they deserve and that their emails reach their intended destinations, while helping you to resolve exploited accounts before they become problems on your network.

Why is spam mail still a problem?

Our outbound SMTP services solve a problem that is as old as email itself. For many users, IT administrators, and web hosting providers, the bigger question remains unanswered: how can spam accounts still exist when we are almost a quarter into the 21st century?

The truth is that services like ours are helping to bridge the gap and get rid of spam for good. But for as long as there are financial gains to be made through spam, this problem will continue. Recently, spam has taken a turn towards cybercriminal activity, what with the advent of new forms of phishing and ransomware.

It is now more important than ever for ISPs to assume control of server traffic, identify bad actors, and quarantine accounts that ruin the Internet experience for the rest of us. As the Internet develops and users come to expect more from their hosting providers, fundamentals like IP reputation will become even more important than they are now.

An increasing number of new users will place priority on ISPs that deliver premium service, and those who fall victim to reputation-damaging spam account misuse will fall behind. Implement a secure and scalable solution for preventing IP reputation problems today so that you can keep your users happy well into the future.

Why a good password policy protects you against phishing

One of our vendors just alerted us to this phishing scam that they have seen over the past few months. One of their customers has been hit with increasing frequency with an attack that follows this 5-step pattern:

    • A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
    • They start by changing the password, so that the victim no longer has control.
    • They then comb through past email correspondence and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
    • Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
    • The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.

Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

The bottom line on preventing this type of attack is to ask yourself: is there a reason that this message has an attachment? Even though I trust the sender, does it seem out of place to get an attachment from them, or a request to open an attachment?

Keep up your guard and your awareness, and if you would like Phishing Protection for your company we would be happy to help.
