Cyber Criminals Like Email, And Even More So From The Cloud
Email remains the No. 1 attack vector
Email was, and still is, the number 1 attack vector. It is no coincidence that so many threat reports published by digital security vendors mention it. “According to an analysis by IBM Security, the number of emails containing ransomware increased by 6,000% between 2016 and 2017.” And the surge does not stop there, since the latest Vade Secure report notes an extraordinary growth in phishing. “In January 2018, 200 million more phishing emails were detected than in December, which had 25 million. The 1st quarter of 2018 has an additional volume of 550 million.”
The risk is therefore greater today than ever. This might seem at odds with the fact that attack surfaces are multiplying, connected objects among them, which might lead one to expect attacks to be spread more evenly across them. Nevertheless, because of its capacity to generate strong impacts on a large scale, email remains the attack channel par excellence.
Ever more diverse types of attack
Ransomware, a real hostage-taking of data that is handed back in exchange for a ransom, and phishing, which, remember, takes the form of an email containing a link to a fraudulent site in order to push the targeted victims to hand over sensitive information (bank card number, login credentials, personal data…), are two typical examples of technically rather simple and rapidly profitable activities. But other attacks have appeared.
Its cousin, spear phishing, is more targeted: instead of targeting a few thousand or tens of thousands of people, the attack targets a clearly identified person to extract specific information, as in the case of CEO fraud, for example.
More recently, soft target phishing has appeared. It combines the two previous modus operandi to target categories of people working in a given function, such as accounting. Most of the time, the emails contain information about the company to make the message more compelling. Imagine that all employees in a Human Resources department receive an email with a candidate’s resume. The email contains a personalized message for each employee and provides details that make the interaction look legitimate. With this abuse of trust in place, employees open the attachment without knowing that it contains malicious software that is now able to infiltrate the company's entire network.
And the cloud in all this?
According to studies in this area, it is estimated that 90% of companies have migrated to cloud email services. The most popular is the Microsoft solution included in Office 365 under the name of Exchange.
While security issues have been taken into account in these software suites, technical analysis reveals that these solutions are not impervious to sophisticated attacks such as APTs (Advanced Persistent Threats). Indeed, attacks of this type bypass the security systems in place and require specific layers of protection.
Another aggravating factor is the flip side of the multiplicity of services offered by these solutions. They offer not only email but also an instant messaging tool, collaborative tools, high-volume file sending services, and even telephony services integrated with business email. While they allow great fluidity between services, they make it equally easy to convey malicious programs. Email, connected on all sides to services, to a directory, to telephony, becomes a hub towards unlimited access to other services and data, and therefore to an ever greater field of possible compromises. Confidentiality is difficult to ensure with such a level of sharing and collaboration.
How to protect yourself?
It was already important to have an appropriate classification of information and to derive matching access rights from it; this type of solution requires it even more. Besides that, fortunately, security technologies evolve too. To counter so-called “zero-day” threats, unknown to conventional antivirus or endpoint protection, artificial intelligence solutions detect weak signals and other pre-attack behavioral patterns, and feed on them to anticipate later attacks and, in essence, identify upstream whether an email is malicious or not.