Ransomware promises to be a major challenge for the current year. This threat has spread widely in recent years, paralyzing corporate networks and causing heavy financial losses, as many media reports have shown. Its impact can be devastating for businesses that manage tens of thousands of endpoints and thousands of applications and servers spread across hundreds of sites. The financial consequences can be particularly serious, running to several billion dollars worldwide. Ryuk is one recent malware family that made the headlines; its particularity is that its backdoor is activated when a user clicks a link in a phishing email.
But beyond ransomware, companies face other threats. There has been a marked increase in malicious emails on the topic of Coronavirus, as well as malicious social engineering techniques recently observed by our researchers at FortiGuard Labs. Whether it’s phishing scams, targeted malware, or both, these attacks have one thing in common: the majority of them land directly in your email inbox.
Today, more than ever, email remains the primary threat vector worldwide, which means its security must be optimized.
Identify risks with a CTAP program
Clearly, not all email security solutions are created equal. A single malicious file attached to an email is enough to bypass the email security gateway and pose a threat to the network. A security gateway must therefore be capable of meeting current security challenges.
There are two ways to determine whether an email security gateway protects the business against current phishing and spear-phishing campaigns and similar attacks, and whether the security infrastructure can neutralize ransomware and malware delivered by email: wait until an incident occurs (not recommended, of course…), or proactively test that the tools in place defend the business against the most sophisticated current threats.
Fortinet’s Cyber Threat Assessment Program (CTAP) helps companies identify their security risks by determining the application vulnerabilities used to attack the network, the malware and botnets potentially already present in the environment, the phishing attacks likely to bypass the existing lines of defense, and the devices most at risk. It can also identify the productivity tools in use and their bandwidth consumption. All of this data makes it possible to estimate the probability of a security incident for each company. Anonymized, centralized and correlated with the data collected from other organizations, it also offers visibility into threats and their activity on a global scale.
The participants in the CTAP program are users of Microsoft Exchange Online or Office 365. Many of them already have email security functions and solutions in place; the risks nevertheless remain real, as the data collected by Fortinet highlights.
The rise of email threats
Over the month of January, we found that businesses were still overwhelmed by spam and marketing messages. These unwanted messages take a toll on companies’ bandwidth and productivity, prompting them to take action.
The statistics become more meaningful when malicious or potentially risky emails and URLs land in users’ mailboxes. This finding is all the less reassuring given that the customers studied already had email security in place.
Even after an organization’s existing email security has filtered out malicious or risky traffic, we find that 1 in 3,000 messages still contains malware. More interestingly, 1 in 4,000 emails carries previously unknown malware. This is often an advanced or zero-day threat, or a new variant of a ransomware family: more than ever, customers must go beyond rigid signature-based approaches (still used by the majority of email security platforms) and move towards sandbox analysis of emails.
Going further, Fortinet also found that 1 in 6,000 emails contained suspicious URLs. While not all of these links are necessarily malicious, many of them may nonetheless serve as a springboard for a future ransomware campaign, or for a phishing attempt that steals credentials and provides access to the company network and its valuable resources.
The typical employee receives, on average, 121 emails per day. A company with a workforce of 100 therefore handles roughly 12,100 messages a day, which at the rates above works out to about 4 emails carrying malware (12,100 / 3,000), 3 carrying previously unknown malware (12,100 / 4,000) and 2 containing suspicious URL links (12,100 / 6,000) every day.
This task is more difficult than it seems. Blanket blocking of suspicious or unknown URLs can frustrate users and burden IT support teams. Companies therefore have every interest in deploying new-generation solutions that eliminate these risks without that cost.
By Christophe Auberger, Cybersecurity Evangelist, Fortinet