Demystifying Spear Phishing

Spear phishing is the new kid on the block that has been giving sleepless nights to email security folks. Spear Phishing is a specialized and more targeted type of phishing attack. Traditional phishing attacks are one-to-many: they are usually conducted by sending malicious emails to as many people as possible. Such emails appear to come from trusted sources like your bank or some other online utility service, and they contain links to deceptive sites that make victims reveal their passwords, sensitive account information, confidential PINs, etc. Sometimes the phishing messages try to lure victims into opening infected attachments which, once opened, can seize control of the victim’s device and harvest sensitive information stored on it.

The bait – malicious URL or attachment

The modus operandi of Phishing attacks is to cast a wide net. Phishers spread their enticements all over and don’t care what kind of fish they catch – as long as the victims take the bait, they can infiltrate and cause damage. In contrast to the mass email approach of Phishing, Spear Phishing is a targeted, one-on-one attack, where the Phisher creates a fake narrative or impersonates a trusted person and establishes a conversation with the victim. Only later does the Spear Phisher request confidential credentials or send a malicious URL/attachment. Though the end goals of Phishing and Spear Phishing are the same, the tactics employed by the two vary.

Social Engineering & Research

Spear Phishers do a lot of research about the intended victim before crafting their first message. They study the victim’s social media profiles on LinkedIn, Facebook, etc. and try to build a profile around the victim’s work and general life. The chosen victims are ones who have access to sensitive information about their organization, like intellectual property, bank passwords, etc. The Phisher sends an email to the victim which seems to come from a colleague or business associate. The first few interactions do not contain any links or attachments, and hence are difficult for anti-spam and anti-virus filters to detect. After a few interactions, the Phisher either sends a link to the victim that can infect his machine with spyware or sometimes even drives the victim to share some IP or transfer money to his account, citing an extraordinary situation.

Real life examples

  • The business impact of Spear Phishing attacks can be devastating. In 2014, Sony Pictures suffered huge reputational damage when private emails exchanged between executives revealed embarrassing comments about famous people. The studio lost control of complete, unreleased movies, which fell into the hands of digital pirates. The company had to incur a cost of around $8 million to settle lawsuits with employees who were forced to protect their identities from theft.
  • In 2015-16, the Russian cyber espionage group Fancy Bear allegedly committed one of the more famous spear phishing campaigns and infiltrated the Democratic National Convention in the USA to steal emails. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. Between repairing and replacing equipment and hiring experts to manage the fallout, the expense was over a million dollars.

Conventional Anti Spam filters derive signatures, recurring patterns and phishing URLs from previously identified threats. This arrangement was successful in fighting mass spam emails, which threatened to make email unusable. However, email security based on signatures and recurring patterns is completely ineffective in identifying one-off targeted Spear Phishing attacks. The first few emails sent by Spear Phishers do not contain any attachments or links, and thus go undetected by spam filters. The Spear Phisher’s intention is to build trust with the victim. Phishers usually send emails from legitimate email addresses with a good reputation and spoof the display name. Victims get deceived and take the received emails at face value. They do not bother to check the actual email address of the sender, which may reveal the hoax. Since Spear Phishing emails spoof the display name and not the actual email address, they are not filtered by DMARC, which relies on policies enforced by senders with respect to their domain names.
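The display-name check described above can be automated on the receiving side. The following is an added example, not code from the original article or from any Rediffmail product; the directory, addresses and sample messages are constructed, and the function names are hypothetical. It flags mail whose From display name matches a protected colleague while the address is not one of theirs, even when DMARC passes for the sending domain.

```python
import unicodedata
from email import message_from_string, policy

# Constructed directory: protected display names -> their real addresses.
DIRECTORY = {
    "priya nair": {"priya.nair@example.com"},
    "john carter": {"john.carter@example.com"},
}

def normalize(name: str) -> str:
    """Fold case, strip accents and punctuation, reorder 'Last, First'."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    cleaned = "".join(c if c.isalnum() else " " for c in name.lower())
    return " ".join(cleaned.split())

def classify(raw_message: str) -> dict:
    """Compare the From display name with the address actually used."""
    msg = message_from_string(raw_message, policy=policy.default)
    auth = str(msg.get("Authentication-Results", "")).lower()
    result = {"verdict": "no-match", "dmarc_pass": "dmarc=pass" in auth}
    header = msg["From"]
    if header is None or not header.addresses:
        return result
    sender = header.addresses[0]
    known = DIRECTORY.get(normalize(sender.display_name))
    if known is not None:
        genuine = sender.addr_spec.lower() in known
        result["verdict"] = "legitimate" if genuine else "display-name-spoof"
    return result

# Constructed samples. The first passes DMARC for its own domain yet
# borrows a colleague's name, which is the case DMARC does not cover.
SPOOFED = (
    "From: Priya Nair <priya.nair.office@freemail.example>\n"
    "To: accounts@example.com\n"
    "Authentication-Results: mx.example.com; dmarc=pass "
    "header.from=freemail.example\n"
    "Subject: Are you at your desk?\n\nNeed a quick favour.\n"
)
GENUINE = (
    'From: "Carter, John" <john.carter@example.com>\n'
    "Authentication-Results: mx.example.com; dmarc=pass "
    "header.from=example.com\n"
    "Subject: Minutes\n\nAttached.\n"
)
UNKNOWN = "From: News Desk <news@vendor.example>\nSubject: Update\n\nHello.\n"

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE, UNKNOWN):
        print(classify(sample))
```

The match is on exact normalized names only; look-alike characters and nicknames would need a fuzzier comparison.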

Considering the risks of opening and reacting to Spear Phishing emails, it is important to educate your users to be vigilant. Here are some tips that can help protect your users from Spear Phishing:

  1. Be judicious while posting your personal information on social media.
    Hackers use social engineering techniques as a first step to gather information about victims.
  2. Do not hesitate to check with the sender if you are not sure about the authenticity of an email.
    Impersonation by manipulating the display name of a sender is a common ploy used by hackers. To counter the familiarity exploit, your users should not hesitate to check the authenticity of the email with the sender. This is all the more important when the email seems to come from someone familiar and makes a request that seems out of the ordinary.
  3. Check before you click.
    Hackers hide malicious URLs in emails behind URLs that look genuine. Educate your users to hover over the hyperlink to see the destination URL first and, if it is not familiar, not to click.

The above behavior-based approach is easier said than done. Sooner or later, someone will click on something that will expose your systems to a breach. Using the right endpoint protection, one that assists in doing this behavior analysis, helps. The Rediffmail Enterprise integrated Spear Guard filter uses artificial intelligence consisting of machine learning and predictive heuristic rules to identify and block Spear Phishing attacks even in their initial stages, and also saves you from the inconvenience of dealing with multiple vendors to protect your email infrastructure.

Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

Top 8 things to consider when choosing your Business Email service

Email is the backbone of any business and managing it well has become mission critical for the company. Gone are the days when SMEs fretted over their changing email needs and the availability of email solutions that fit their growing organisational needs. Large organisations no longer consider on-premise hosted email solutions the only option for confidentiality, control and better management of mails, and they do realize that it is just a ‘white elephant solution’. Today, with the right cloud based email solutions, businesses small, medium or large can focus more on their core business than spend time on their email solutions.

Here are the top 8 things that SMEs and large corporates must consider before choosing a business solution:

  • 1. Cloud based email solution provider: Cloud based email services have become increasingly popular over the past few years and we have come across several entities using them successfully for their business. The advantages provided by having hosted email solutions stand to benefit small-medium enterprises the most. There are no hard decisions involved, since the amount of investment is minimal and there is no hassle of deploying resources to manage these services. The costing model is also simple and straightforward, which helps businesses manage their cash flow better and focus on their core activity. To conclude, cloud based email is a good bet for small to medium enterprises to adopt with little risk.
  • 2. High availability: Ask any business leader what he feels is an acceptable amount of email downtime, and he will most likely respond with, “None!” But if you share with him the additional investment required to further ensure that high bar of email availability, he’ll likely revise that answer. Certain industries like financial services, where downtime translates very clearly into lost profits, are typically more likely to prioritize uptime. In addition, uptime can’t be measured by the availability of the email server alone. Email is as good as down if the antivirus filtering hangs and prevents delivery, or a mobile email service fails and employees don’t get emails on their smartphones.
  • 3. Assess your mailbox requirements: Get an idea of the total number of mailboxes needed currently and in the near future. Also consider the email storage requirements. Mailbox sizes have been steadily increasing over the years, with 36% falling between 500 MB and 999 MB, but still not at the rate employees would like: nearly 80% of companies regularly receive complaints that their employees’ mailbox sizes are too small. Cloud-based providers typically offer much larger storage quotas at a much more attractive price than organizations can manage for themselves.
    For SMEs, 2 GB (that is about 100,000 emails of average email size 50 KB) would be good to start with, but for medium size organisations 5 GB would be a better option. For larger enterprises 25 GB is recommended, as it completely shields them from storage growth requirements.
  • 4. Multiple points of access: Look for a business email solution that allows multiple points of access. With Internet access on multiple devices becoming the norm, it is imperative that your mail is accessible from any device. This keeps your employees, be it in the office or out in the field, always in touch with their office emails 24×7.
    Web-mail client: Use this from anywhere as long as you have a browser. Web clients for email access have evolved significantly and incorporate much more than basic features.
    Mobile: For popular platforms such as Android, Windows, iOS and Blackberry, via applications that are usually free to download.
    Desktop clients: Access your business email using desktop installed clients like Outlook and Thunderbird, or on mobile devices such as Blackberry and tablets like the Apple iPad. Features enabling such access are POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol) and IMAP (Internet Message Access Protocol) on a secured connection via SSL encryption.
    Also look for device synchronization. You take an action on one device and it is synchronized across all, e.g. you add a calendar event on a PC and you can also see it and even edit it on mobile. You can also resume from where you left off on another device.
  • 5. Powerful admin controls: For SMEs, an easy to use control panel that allows managing the email service of your company is needed: adding email IDs of new employees and deleting the IDs of the ones who have left. When an employee leaves the company, you can withdraw the email ID assigned to him so that the emails remain with you. Also make sure you can remotely manage the security of your company data by restricting access and controlling the incoming and outgoing mails. For larger corporates, you may need your email administrators to set password policy, send newsletters to employees, assign privileges, create user groups and use many more such useful tools to manage the service efficiently. Also, as an administrator of your office mail you need a continuous report of how your employees are using the email service. This will help you to control the usage and costs.
  • 6. Security: Since security is an inherent requirement of any business email, we provide a secure login to the mail service using ‘https’, where ‘s’ stands for secured. This ensures that no unauthorized entity can intercept your information without your consent. Look for the email solution provider’s guarantee on protection against unwanted spam and malicious viruses.
  • 7. Archiving: Storing a copy of emails from important email accounts in an archival mailbox prevents data loss and is important for large enterprises. Providing archiving often incurs an added cost in providing email for each employee. Not all employees carry the same archiving requirements, but some companies tend to think of archiving as an all-or-nothing decision for their workforce.
  • 8. Support options: Make sure your business email provider allows multiple support options via email and a customer support and technical experts helpline, including advanced support with an escalation matrix and SLA.

Rediffmail Enterprise is an Award winning cloud based email solution provider for Small, Medium and Large size customers that delivers high availability, high security and responsive customer support.

Why Cloud Based Email Solution?

Getting a Cloud Based Hosted Email Solution for your Business has its own advantages:

Enterprise Email Solution provider Experts

Reputed cloud based service providers are those who have been managing email services of large and small corporates since Y2K. Their email platform is built by reputed players from scratch, so they have complete know-how of the entire email architecture. They are part of many government and technical committees that define policies regarding email transmission in India.

Robust infrastructure

Hosted Email Service is built with the goal of providing reliable email and messaging services, appropriate capacity, and redundant components, all hosted within a secure data centre. A robust and redundant network infrastructure helps a cloud based email provider deliver mails with minimum latency and ensure uptime of up to 99.9%.

SPAM control

The Messaging Anti-Abuse Working Group (MAAWG) is an international organization responsible for addressing messaging abuse holistically through knowledge sharing, industry collaboration and public policy. Large players are representatives of MAAWG from India and have contributed to addressing issues relating to SPAM originating from India.

Their multi-layered SPAM filtering mechanisms help to filter out up to 99.9% of SPAM messages and known viruses trying to reach the user’s inbox.

Enterprise grade admin control

As an administrator of emails on your domain, you can take complete control of email transactions on your domain by defining domain or user level policies and restrictions. Features such as bulk user management, password security policies, mailing to lists with controls, branding, global address book sync on Outlook 2007 and 2010, etc. are not available with most hosted email service providers. You don’t need to be certified, but it does help!

Mail on mobile

With a cloud based mobile application which works on most phones, you are able to read your mails, view attachments, and respond by replying to and forwarding mail. Your actions on the mobile, like replying to a mail, will also be reflected on your PC. Moreover, using this application you can get new mail notifications on your mobile. On Android phones, you can access your mails even if you are not connected to the internet. Using a cell provider for relaying office mails only adds another layer of complexity.

Customer support

A team of expert customer support executives provides email and phone based support to their customers. Predefined SLAs with an escalation matrix help the speedy resolution of customer queries. It’s possible to get users to lodge calls with the cloud based service provider rather than with an internal helpdesk, whose core competency may be limited and which has time limitations in an online world where mails need to work 24*7*365.

Spends/cost/RoI/licensing/compliance/Capex vs. Opex cost

Typical cost components of on-premise email services in an office environment:

  • Cost of Hardware
  • Cost of operating system
  • Cost of storage
  • Cost of power
  • Cost of being compliant
  • Cost of operations manpower
  • Cost of security (antivirus/antispam/security)
  • Cost of having mail delivered on mobile devices
  • Cost of licensed client software
  • Cost of helpdesk to operate email

In a cloud based scenario one has to pay only the subscription cost, which is in the hundreds of rupees, as compared to spending lakhs (INR).

The only other cost could be the Outlook client software, which is normally built into the TCO of the PC when bought.

Do not get bandied about: the way ahead is the cloud way. The IT department needs to align with the line of business, for a fee, with a cloud service provider, as there is no such thing as a free lunch.

Backup Before You Pack Up – Press a Few Buttons

Gone are the days when one would file and store things such as files and mails in order, to retrieve them later.

Today, with a blizzard of emails going back and forth and polarization of content all over, thanks to cloud email providers the IT department need not worry about its end users’ mails being deleted accidentally or incidentally. Thanks to the facility of auto archival and features like background forward, each outgoing and incoming email can be backed up and restored on demand.

As we become more sophisticated we tend to become less reliable. Only with the process and facility of a rock solid email service provider can IT rest assured of meeting compliance and I.T.G.C. for business needs. A rear view to peep back in time and pull out the mails of exited users or errant employees, to keep business continuity going and address the issues created, is a fantastic facility. The time taken to store on the cloud and restore is in minutes, as compared to using a traditional backup and archiving system – a great boon to keep the lights on only when needed.

A cloud based email provider can provide email DR/BCP as a Service to address the business objective of continuity, helping IT deliver IT services when the business needs them as of yesterday.

Almost 70% of information is stored in the email systems of corporates. When one has mails on the cloud, one can archive, retain and retrieve mails without hassles.

In an organisation, one does not know when the demand will come from top management to restore a mailbox. Hence, an advanced search and retrieval system provided by a hosted email provider helps a lot. It also protects your enterprise against potential litigation by ensuring on-demand discovery of emails.