Email remains the No. 1 attack vector
The number 1 attack vector was, and still is, email. It is no coincidence that so many threat reports published by professional digital security vendors say so. According to an analysis by IBM Security, the number of emails containing ransomware increased by 6,000% between 2016 and 2017. And the surge does not stop there, since the latest Vade Secure report notes extraordinary growth in current phishing scams: “In January 2018, 200 million more phishing emails were detected than in December, which had 25 million. The 1st quarter of 2018 has an additional volume of 550 million.”
The risk is, therefore, greater today than ever. This might seem at odds with the fact that attack surfaces are multiplying, connected objects among them, so that one might expect to see attacks spread more evenly across them. Nevertheless, through its capacity to generate strong impacts on a large scale, email remains the attack channel par excellence.
Ever more diverse types of attack
Ransomware, which takes data hostage and releases it against a ransom, and phishing, which, as a reminder, takes the form of an email containing a link to a fraudulent site in order to push the targeted victims into disclosing sensitive information (bank card, login credentials, personal data …), are two typical examples of rather simple and rapidly profitable techniques. But other attacks have appeared.
Its cousin, “spear phishing”, is more targeted: instead of targeting a few thousand or tens of thousands of people, the attack targets a clearly identified person to extract specific information, as in the case of CEO fraud, for example.
More recently, soft target phishing has appeared. It combines the two previous modus operandi to target categories of people working in a given function, such as accounting. Most of the time, the emails contain information about the company to make the message more compelling. Imagine that all employees in a Human Resources department receive an email with a candidate’s resume. The email contains a personalized message for each employee and provides details that make the interaction look legitimate. With this abuse of trust in place, employees open the attachment without knowing that it contains malicious software that is now able to infiltrate the company's entire network.
And the cloud in all this?
According to studies in this field, it is estimated that 90% of companies have migrated to email in the cloud. The most popular is the Microsoft solution included in Office 365 under the name of Exchange.
While computer security issues have been taken into account in these software suites, technical analysis reveals that these solutions are not impervious to sophisticated attacks such as APTs (Advanced Persistent Threats). Indeed, this type of attack bypasses the security systems in place and requires specific layers of protection.
Another aggravating factor is the flip side of the multiplicity of services offered by these solutions. They offer not only email but also an instant messaging tool, collaborative tools, high-volume file sending services, and even telephony services integrated with business email. While they allow great fluidity between services, they make it equally easy to convey malicious programs. Email, connected on all sides to services, to a directory, to telephony, becomes a hub giving unlimited access to other services and data, and therefore to an ever larger field of possible compromises. Confidentiality is difficult to ensure with such a level of sharing and collaboration.
How to protect yourself?
While it was already important to classify information appropriately and to derive the appropriate access rights from that classification, this type of solution demands it even more. Fortunately, internet security technologies are evolving too. To counter so-called “zero-day” threats, unknown to conventional antivirus or endpoint protection, artificial intelligence solutions pick up weak signals and other pre-attack behavior patterns, feed on them in anticipation of later attacks, and, in short, detect upstream whether an email is malicious or not.