How Targeted Threat Detection Stops Threats Before They Start

Phishing and spear-phishing attacks against businesses are growing more common, and they are a common entry point for expert cybercriminals working their way into your system. This is one of the most common and unprotected point of attack – a study found that two thirds of analysed cases of successful cyberattack were initiated with an infected email attack.

In this post, I’m first going to describe the threat, how it works, and the damage it can do. I’ll then describe the strongest methods of protection against it.

The Threat – Targeted Phishing Attacks

Malicious emails are extremely common. Those who’ve had to use email without a spam filter will know just how many spam emails get sent every day; but most of these emails are obviously spam, and are not targeted at businesses, but rather a dumb bot has sent the email to a large list.

But some malicious emails look incredibly realistic. Using domain spoofing techniques or by purchasing domains that look almost identical, a cybercriminal can easily send you an email that looks like it is from a legitimate source.

With an email address that many won’t be immediately suspicious of, cybercriminals then have multiple avenues of attack available to them. They can use malicious links, or simply attach a malicious file directly.

Malicious links take the least effort, and are often successful. Think about how many times you click the links your peers, colleagues, or customers send you. Links are abundant in the modern email climate; links to large downloads, links to meetings, and documents, and information – links are everywhere. After quickly browsing my most recent 15 emails, 13 had links in them, 7 of which to websites I haven’t been to before. Many people these days are so used to getting sent links they click them before considering the source of the link or what might be on the other end, and with link shortening tools like Bitly even a link to Google.com can look like: http://bit.ly/1U77v6C – if every link can be so unrecognisable, people quickly get used to clicking unrecognised links.

Such links, of course, open you up to many different infection vectors. Immediate file downloads, Trojan files, and malvertisements are just the start of the opportunities malicious links provide to cybercriminals.

If a cybercriminal elects to simply attach a malicious file they may have an even easier time of infecting their target. A harmless looking file, such as invoice_160316.doc, can be infected with any number of different malicious files. With malicious attachments cybercriminals even avoid the need to get you to click a link, merely by opening a file you may immediately allow the file to initiate whatever malicious code it carries.

So how can you protect against these attacks? When infected attachments allow some infection to bypass much of today’s standard security measures, what can you do to protect your employees and business from this threat?

The Solution – Targeted Threat Protection

Kogo’s solution to the ever-present threat of phishing attacks and malicious emails is Mimecast’s Targeted Threat Protection, which is a combination of two core functions – URL Protect and Attachment Protect.

URL Protect allows users to trust links in emails. Mimecast scans and replaces every link in incoming emails with a custom Mimecast link. When you click that link, Mimecast instantly opens the webpage in a cloud based sandbox, which you are not connected to, and checks that the page is safe. If the page checks out, Mimecast redirects you to the page; but if it detects phishing or spear-phishing content on the page it instead blocks the user from accessing the page, and alerts them to what was found. By scanning links that you click on the fly, Mimecast doesn’t delay your email by scanning all the links at once, and instead only scans the links that you want, when you want then.

Attachment Protect uses a similar principle, checking your files before you are exposed to harmful code. However, here Mimecast faced a problem. It would be inefficient and slow to fully sandbox each file sent to you; where the file is opened and fully examined on a safe test computer, and yet allowing malicious files through would be catastrophic.

For this reason, Mimecast Targeted Threat Detection uses an innovative 2 tier protection system. When you receive an email with attachments, Mimecast does a preliminary scan of your files and converts unsafe or open to abuse file formats, such as .doc and .jpg to .pdf files, where active malicious code cannot be run. For employees who need to simply view the file, this works fine, and they need go no further. However if you need to edit the file you have been sent, you simply press a button to request the original files. Any files you request are then fully sandboxed for threats, and safe files are passed through whereas malicious files are rejected and you are alerted to their existence.

There we have it – how Mimecast Targeted Threat Protection can help protect you and your business from malicious email attachments and spear-phishing attacks, before you even know they’ve been sent to you.

Contact us today on 01342 333000 or at [email protected] to find out more about securing your business using Mimecast and other vital cybersecurity tools.

0 replies

How Targeted Threat Detection Stops Threats Before They Start

Leave a Reply

Leave a Reply Cancel reply

Latest posts

Contact Us

How Targeted Threat Detection Stops Threats Before They Start

Share this entry

Leave a Reply

Leave a Reply Cancel reply

Latest posts

Contact Us