Protect your end users from email-based exploits
Last year was a rough year for malware and phishing. 2017 kicked off withhacking and malware infections making news in early January when an effective phishing scam targeted Google Gmail users by tricking them into sharing their login credentials. And now as we close out the year, these types of brazen frauds have not slowed down, in fact it has gotten worse.
The postmortem of the Gmail attack was outlined in the research of Wordfence, a popular security plugin for WordPress websites that determined that the hackers created a particularly devious email that looked legitimate enough to fool Gmail users into sharing their log-in credentials with a password stealing application.
The Google credential attack was then followed up in August with an outbreak of 23 million infected emails which according to the security experts at AppRiver, the hackers didn’t even try to make the emails look legitimate. They were relying on the sheer volume of email to deploy this massive attack. One infected hard drives were encrypted and ransomed in a very similar way in which the popular WannaCry and Petya ransomware were deployed.
Incidents like these highlight the serious cyber threats enterprise email faces, but without any cost-effective solutions, which have prompted email security companies to respond.
DuoCircle is proud to announce Link Click Protection, a malicious URL and link protection tool that defends all of your users if they click on malicious websites they may find in their email.
Link Click Proctection is an added layer of security and is part of our Advanced Threat Defense perimiter security for your spam filtering service and has been tested for the last six months with hundreds of thousands of emails that have been scanned and protected by the service. However, before I go in-depth into the workings of the service allow me to lay out the threat landscape for enterprise email and how to protect it from both spam and phishing attacks.
The most publicised security scandal of 2017 was undoubtedly the Equifax breach, three specific types of threats made it clear that the hackers behind them mean business. For email security firms 2017 was the year of Phishing, mal-spam, and ransomware emails.
Phishing email campaigns
According to Phishing.org, the first phishing emails were sent sometime in 1995. However, it would take almost a decade for phishing to become a severe threat, with hackers creating sophisticated campaigns with emails that look virtually identical to those sent by legitimate companies.
Phishing campaigns attempt to do one of two things:
- Persuade the user to share personal information, email log-in credentials, or personal information, such a social security number, credit card number, and other sensitive information
- Persuade the user to click on a button, link, or attachment to trigger a process that downloads and installs malware on the computer
Don’t share personal information
If you open an email and it looks like a legitimate email, but asks you to update an account number, or your password DO NOT reply or click on the links. Instead, contact the company directly and ask if someone there has requested for your personal information or manually type in the website URL into your browser bar, rather than clicking on the link.
Don’t click a button, link, or attachment
Unless you are 100% certain that the email came directly from the company and don’t open any attachments.
This ugly beast has reared its head a few times this year, each with disastrous results for the businesses impacted by infections.
There are two fundamental attack vectors for ransomware:
- Exploitation of vulnerabilities found in Microsoft windows operating systems
- Email, via mal-spam or phishing campaigns
Vulnerabilities of Microsoft Windows
Driven by their popularity, hackers love to find vulnerabilities in computers, Exchange Servers, and various Microsoft software products that they can exploit. A popular way to do this is with a ‘drive-by’ scenario where a bot looks for a single vulnerable computer on a network to infect. Once the first computer is infected, the bot begins looking for other vulnerable computers to infect on the same network.
Link Click Protection can’t defend against a local outbreak, but it does protect your email in new ways that help prevent ransomware from being downloaded and installed on the vulnerable computers on your networks.
Email: Mal-spam and phishing campaigns
The latest darling of the hacker world is email. Hackers have found that they can launch massive malicious spam campaigns with minimal investment and a guaranty to make hundreds, sometimes even thousands, of times the initial cost of launching millions of emails.
A nefarious twist on traditional spam, a mal-spam email contains a link or an attachment that, when clicked, triggers the download and installation of ransomware. When the user returns to use the computer at a later time, they are hit with a warning page that tells them their files have been encrypted and that they must pay a ransom in order for their files to be decrypted.
Mal-spam emails may be poorly designed, making them relatively easy to spot. If you suspect an email is spam, report it as spam and/or delete it. Don’t even bother opening it.
Targeted campaigns that try to fool users into giving up log-in credentials and sensitive personal information have been around for a long time. Over the last couple years, however, hackers have developed emails that look just like real emails from legitimate entities and businesses. Earlier this year, a particularly devious campaign was highly successful at getting Gmail users to give up their login credentials. At a glance, everything looked legitimate – even the email’s URL. Upon closer inspection, however, it became apparent that the email was actually a malicious image that ultimately triggered the download and installation of the Locky ransomware. Even seasoned IT professionals were falling for this one.
The best preventive action to take for this is to NEVER submit your log-in credentials and personal information to an email form. NEVER click on a link that takes you to a web form hosted on a different URL, either.
It all sounds good, but what happens when you’re tired, see the legit-looking email, open it, and mindlessly fill it out and send it off anyway?
This is precisely why DuoCircle’s Link Click Protection software has been designed – to protect you!
When you click a malicious link, DuoCircle’s LCP software immediately checks it against a multiple real time databases and threat intelligence feeds of known malicious links and websites. By blocking the user from opening the site it prevents your computer from executing an event if the link is malicious. When paired with our spam filters and email security software, you have a trio robust enough to protect your email from even the most sophisticated attacks.
The cost of exploited email and ransomware
Effective phishing campaigns and ransomware bring businesses to their knees by encrypting files and data on as many computers as they can infect. Companies, facing the threats of lost business and a tarnished reputation, often pay the ransom, setting themselves up to be victimized again in the future. Some organizations, including power plants, hospitals, and financial services, provide mission-critical services to the public that are compromised when computer systems are hacked.
Even when people are properly trained in information security best practices, they can fall victim in a moment of distraction, placing your entire business at risk. Wouldn’t it be great if there were a security solution that delivers what it promises and provides the kinds of email protection us tired, distracted humans need?
Introducing DuoCircle Link Click Protection
How does it provide protection?
Link Click Protection provides real-time scanning and defense for emails anytime a link is clicked in an email:
- Provides superior phishing protection
- Blocks malicious websites
- Provides real-time link checking
- Superior phishing protection
Hackers have evolved with technology, finding effective ways to get their hands on sensitive data to exploit it in any way they please. Today’s phishing campaigns are based on URLs with good reputations. This helps malicious emails get past the built-in protections that exist in most web browsers and bypass antivirus malware checks.
Web browsers such as Google Chrome respond to new threats within a few hours, but can’t keep up with the real-time protection of the Link Click Protection service.
Blocks malicious websites
Our software detects and blocks malicious websites before your end users can go to them. If a link in an email is clicked and our phishing protection service determines that the link goes to a malicious site, the end user sees a warning that tells them that site is believed to be dangerous.
Real-time link checking
LCP checks all links against 6 URL reputation databases. This protects the user from clicking on links that look legitimate but connect to malicious URLs that can download and install malware on the computer.