Threat Actors Are Bypassing Your Email Security Solution. Here's How.
- by Brittany Day
Despite the wide array of business email security solutions on the market today, malicious email is still reaching users’ inboxes, often resulting in severely damaging attacks and breaches. Cybercriminals are constantly refining their methods of exploitation, fine-tuning their techniques and tactics to evade detection by security defenses. This article explains the most popular and effective techniques that threat actors use to bypass email security solutions.
Top Methods Used to Evade Email Security Solutions
Social engineering is a method of deception, used in 98% of all cyberattacks, that leverages personal and business context to establish trust and manipulate the victim into sharing sensitive information. These scams are highly successful because they exploit the trust relationships built with a superior, colleague, partner, or organization.
Social engineering has become increasingly popular in recent years, as attackers are now able to obtain extensive information on targets by searching the Internet or scouring social media platforms. Attacks are designed to look and feel like legitimate communications, and often bypass traditional email security technology like spam filters and antivirus software as a result.
Spear phishing is becoming an increasingly popular attack vector because it is generally more successful than conventional phishing. As opposed to sending hundreds of thousands of relatively generic emails out at a time, spear phishing campaigns involve researching victims and using advanced intelligence strategies to compose just a select few highly convincing messages.
From the message content to the language used, spear phishing emails mimic legitimate communications very closely, and thus frequently evade the detection of static, single-layered email security defenses such as those built into Microsoft 365.
Fileless malware is a payload-less email attack that runs in a computer's random access memory (RAM) rather than from a malicious file, and abuses existing, trusted system applications to install and run malicious code on target systems. This code is then used to encrypt and exfiltrate sensitive data, transferring it directly into the hands of the attacker.
Attacks leverage legitimate, trusted operating system tools for malicious purposes, essentially turning systems against themselves. This method of attack has become a favorite among cybercriminals for evading security defenses, eavesdropping on corporate networks, compromising systems, and gaining access to sensitive data.
Unlike traditional malware, fileless malware has no signature because it does not leverage executable files, and goes undetected by signature-based antivirus software and the majority of traditional email security solutions as a result. Ponemon Institute reports that fileless attacks are 10 times more successful than file-based attacks.
Email Account Compromise (EAC)
The email account compromise (EAC) scam works by compromising one account, then using the trust established between that account and its contacts to steal credentials that can be used to compromise further accounts and to trick victims into unknowingly wiring funds to the attacker.
EAC is very difficult to detect because the malicious emails are typically sent directly from the compromised account owner’s computer, which is authorized to send mail as that user. As a result, these fraudulent emails are not identified and flagged by the email authentication protocols that a user or an email security provider has implemented.
Polymorphic Viruses
This type of virus changes its signature each time it reproduces, masquerading as a different and seemingly harmless file. These viruses are especially threatening because antivirus programs typically have a hard time detecting them: since traditional antivirus software can only blacklist a single virus variant at a time, many programs take months to identify a single polymorphic virus. Polymorphic viruses are usually spread via spam email, malware, or infected websites.
Macros Hidden in Microsoft Office Attachments
Macro-enabled Microsoft Office documents have led to big payouts for malicious actors for nearly a year because traditional email security solutions still don’t fully scan attachments and let them through. Strong email security solutions offer macro scanning, attachment sandboxing and granular policy creation.
Solutions that include granular policy control allow fine-tuning of the virus filtering engines that seek out macros embedded in Microsoft Office files. Attachment sandboxing also helps security admins easily determine whether attachments are malicious: the sandbox is a secure virtual test environment where suspicious files can be executed to determine whether they are actually safe to open.
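As an added example (not code from the article or from any vendor's product), the following Python check shows the kind of content-based inspection a macro-scanning policy performs: it looks inside an Office (OOXML) attachment for the VBA project part and its declared content type, ignores the file extension entirely, and routes formats it cannot parse to the sandbox. The part names and content-type string are the standard OOXML ones; the sample archives are constructed for the demo and are not real Word files.

```python
import io
import zipfile

# Parts that hold VBA macro code inside OOXML (Office 2007+) archives.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"

def has_vba_macro(data: bytes):
    """True/False for an OOXML document; None when the file is not an OOXML
    zip (e.g. a legacy binary .doc/.xls), which needs sandbox analysis instead."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if any(part in names for part in MACRO_PARTS):
            return True
        # Also consult the declared content types in case the part was renamed.
        if "[Content_Types].xml" in names:
            return VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
    return False

def attachment_policy(data: bytes) -> str:
    """Granular policy decision based on content, never on the file extension."""
    verdict = has_vba_macro(data)
    if verdict is None:
        return "sandbox"     # unknown format: detonate before delivery
    if verdict:
        return "quarantine"  # macro present, even in a file named .docx
    return "deliver"

def build_sample(macro: bool, renamed: bool = False) -> bytes:
    """Constructed minimal archive mimicking the OOXML layout (not a real Word file).
    renamed=True stores the macro part under another name but keeps its declared type."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = "<Types/>"
        if macro:
            part = "word/vba.bin" if renamed else "word/vbaProject.bin"
            zf.writestr(part, b"\xd0\xcf\x11\xe0")  # OLE header bytes, stands in for real VBA
            if renamed:
                types = '<Types><Override PartName="/%s" ContentType="%s"/></Types>' % (
                    part, VBA_CONTENT_TYPE.decode())
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

A real scanner would additionally parse the VBA project itself; this check only answers whether a macro project is present so that policy can quarantine or sandbox the message.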
Misconfigured Systems When Migrating to the Cloud
Strong email security products often require an admin to configure specific allowed IP ranges on the mail server, so that only mail that has passed through the security solution's filters is accepted. If the admin fails to lock down the environment to those specific ranges, outside mail can bypass the filters and enter the inbox directly.
Mitigating this problem requires patience during the configuration of your email security system. To eliminate the possibility of malicious email slipping past the security solution, work with the security vendor to secure the environment and keep it locked down.
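As an added example (not from the article or any vendor), the following Python check detects mail that reached the organization's mail server without passing through the filtering gateway, which is exactly what a missing IP-range lockdown allows. It trusts only the topmost Received header, the one written by the organization's own server, since headers further down were supplied by the sender. The gateway ranges and the sample messages are constructed for the demo.

```python
import ipaddress
import re
from email import message_from_string

# Constructed (assumed) relay ranges of the email security gateway; in practice
# these come from the vendor's published IP ranges.
GATEWAY_RANGES = [ipaddress.ip_network(n)
                  for n in ("203.0.113.0/24", "2001:db8:1::/48")]

# Bracketed connecting address in a Received header, e.g. "[IPv6:2001:db8:1::5]".
_RECEIVED_IP = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F:.]+)\]")

def connecting_ip(raw_message: str):
    """IP that connected to our own MTA, read from the topmost Received header
    (the one our server wrote); None if it is missing or unparsable."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = _RECEIVED_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def bypassed_gateway(raw_message: str) -> bool:
    """True when the message did not arrive via an allowed gateway address."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return True  # cannot prove gateway delivery: treat as a bypass
    return not any(ip in net for net in GATEWAY_RANGES)

# Constructed sample messages: one relayed by the gateway, one delivered directly.
VIA_GATEWAY = """Received: from gw1.filter.example [203.0.113.10]
\tby mx.example.com with ESMTPS; Tue, 1 Jun 2021 10:00:00 +0000
Received: from sender.example [198.51.100.7]
\tby gw1.filter.example; Tue, 1 Jun 2021 09:59:58 +0000
From: alice@sender.example
Subject: invoice

body
"""
DIRECT = """Received: from sender.example [198.51.100.7]
\tby mx.example.com with ESMTPS; Tue, 1 Jun 2021 10:00:00 +0000
From: alice@sender.example
Subject: invoice

body
"""
```

Running `bypassed_gateway(DIRECT)` on mail logs after a cloud migration is a quick way to confirm whether the IP-range lockdown is actually in effect.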
When looking for an email security solution capable of identifying threats that often bypass traditional security defenses, an organization should consider a service that identifies all threats before they reach the inbox. The ideal solution should provide various detection layers to identify targeted spear phishing attacks as well as account takeovers, malware, zero-day threats, and more. Learn about defining characteristics and features of the most effective business email security solutions in this blog post.