Most hacks and data breaches start with a spear phishing attack that installs malware onto the system and then provides an entry point for hackers.
Recent high-profile data breaches, including those suffered by Target, Anthem, Sony and even the White House, all started with a spear phishing attack. A spear phishing attack is a carefully crafted email targeted at specific individuals within an organisation that is engineered to look legitimate and fool even the most tech-savvy users. The email will usually have a malicious attachment or link that installs malware in order to attempt to gain system access.
Why are these spear phishing attacks so successful, time and time again? Why are large organisations unable to protect themselves against these attacks? The reason is that the attackers are highly skilled at crafting legitimate-looking emails that are sent to only a small number of individuals, and are therefore not detected by regular spam filters. Also, many spear phishing attacks make use of unknown threats or zero-day vulnerabilities that not all anti-malware engines will be able to detect.
Beef Up Your Email Security
Since spear phishing emails are sent to only a small number of recipients, and sometimes use hacked email accounts, it is nearly impossible for an automated spam filter to distinguish these emails from legitimate ones. Using only one anti-malware engine to check for email threats will not provide enough protection against spear phishing attacks, since they often use unknown malware or try to bypass specific engines. Therefore, a more advanced approach is needed. Below are three methods that will greatly strengthen your email security defences against spear phishing:
#1 – Use Multi Anti-Malware Scanning:
Through the use of multi-scanning with multiple anti-malware engines, malware detection rates are significantly increased. Multi-scanning leverages the power of the different detection algorithms and heuristics of multiple engines, therefore increasing detection of both known and unknown threats, as well as protecting against attacks designed to circumvent particular antivirus engines.
In addition, since anti-malware vendors address different threats at different times, using multiple scan engines will help detect new outbreaks much faster. It is important to distinguish between multi-scanning and simply using multiple antivirus engines. When using multi-scanning technology, performance is greatly enhanced and potential conflicts between different engines are avoided.
#2 – Sanitise Email Attachments:
#3 – Limit Email Attachment Types:
By blocking potentially dangerous email attachment types such as .exe files and scripts, it is more difficult for malware to spread. It is also important to verify the attachment file type, so that .exe files that are renamed as .txt files do not get through the company’s filters.
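The file type check described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the blocked extension list, the signature table and the function name check_attachment are assumptions chosen for illustration, and the sample attachment is constructed.

```python
import io
import os
import zipfile

# Leading "magic bytes" of content types this policy blocks, whatever the name.
BLOCKED_MAGIC = {
    b"MZ": "Windows executable",
    b"\x7fELF": "Linux executable",
    b"#!": "script with interpreter line",
}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".ps1"}
ZIP_MAGIC = b"PK\x03\x04"


def check_attachment(filename, data, depth=0):
    """Return the reasons to block an attachment; an empty list means allow."""
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"{filename}: blocked extension {ext}")
    for magic, label in BLOCKED_MAGIC.items():
        if data.startswith(magic):
            reasons.append(f"{filename}: content is a {label}")
    # Inspect ZIP members too, reading only each member's first bytes so a
    # highly compressed archive cannot exhaust memory.
    if data.startswith(ZIP_MAGIC) and depth == 0:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.infolist():
                    with archive.open(member) as handle:
                        head = handle.read(8)
                    reasons += check_attachment(member.filename, head, depth + 1)
        except (zipfile.BadZipFile, RuntimeError):
            # Malformed or password-protected archives cannot be verified.
            reasons.append(f"{filename}: archive could not be inspected")
    return reasons


if __name__ == "__main__":
    # Constructed sample: an executable header saved under a .txt name.
    renamed = b"MZ\x90\x00" + b"\x00" * 60
    for name, body in [("notes.txt", b"Meeting at 10am\n"), ("invoice.txt", renamed)]:
        print(name, "->", check_attachment(name, body) or "allowed")
```

A signature table this small only illustrates the principle; a production filter would rely on a maintained file type detection library and treat uninspectable archives according to policy.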
In addition to improving your email security measures, you must also make sure that your employees are aware of possible spear phishing attacks. A warned employee might be able to spot that something is out of the ordinary. Finally, if you make sure that your data is segregated and encrypted, your data can still be safe even if the attackers get an employee to click on a malicious email attachment.
Mike Spykerman is VP at OPSWAT