Is email really that dangerous?
Spoiler alert: yes.
Last month, here, we looked into phishing and some of the actions you could take to protect yourself. This month, we want to dive a little deeper into what makes email so dangerous, but also what you can do to protect yourself and your company (because as bad as email is, we still need it to get a lot of things done).
As we mentioned previously, 94% of malware was delivered via email¹, and when you think of it, it is pretty logical. Other attack vectors (like USB keys) require someone to buy the keys, infect them, find you, try to get the key in your hands and then try to persuade you to connect it. With email, they can send a million of them in a couple of minutes, and even if they have a one in a million chance of you opening one, well, that’s still one person for a couple of minutes of investment…
To understand the risk and why some of the protection methods from before are no longer effective, it is important to understand what has changed with malware (a.k.a. viruses, trojans, ransomware, adware, rootkits…) in the last couple of years. Malware used to be simpler: it had a specific binary signature that would be injected in a file, and you could look for it (scan) to discover hidden malware and deal with it before you got infected. You had a “virus scanner” that would get updated regularly, would check all new and old files and keep you safe.
But how things have changed:
- First: there is now fileless malware. It never actually gets written to disk, so it evades all previous-generation anti-malware that only looks into files.
- Second: malware is now polymorphic. It changes its signature every time it moves, so signature scanning is useless.
- Third: zero-day attacks. The attack is so new that detection software has not yet been updated to detect it.
So what to do?
Use a new generation of anti-malware (a.k.a. Next Generation). The new products on the market are what are now called “behaviour”-based anti-malware. They work under the assumption that malware could be anywhere and watch for abnormal behaviour. For example, you receive an urgent email from an unknown customer that wants to place a large order. You open the attached PDF (many variants of malware hide in “regular” documents such as pdf, docx, xlsx…) and, without you noticing, the PDF starts downloading a second file, modifies your registry and scans your hard drive. That’s not “normal” behaviour for a PDF! So the Next Generation anti-malware stops those actions, quarantines the PDF and lets you know what happened.
Before we get back to email, I also want to introduce another cyber security concept: “defense in depth”.
The key to the concept is to have multiple layers of defense to stop attacks/malware before they even get to your devices. Think of your classic medieval castle: it did not just have a door, it had moats, high walls, drawbridges… So the anti-malware running on your device (because you are running one, right?) is your last line of defense; whenever possible you want to stop everything before it gets to you. With email, this is actually easier, since all emails need to go through a server before they get delivered to you, and a minute or two of delay to make sure all is safe is acceptable.
So here is what a Next Generation email gateway solution looks like: all emails coming in (and optionally out) are analyzed. This gateway is usually a stop before your existing email solution (like Office 365 or G-Suite).
- All attachments are checked against a known-good database (if that exact file, with that exact binary signature, has already been tested, it gets the ok to move on).
- Unknown attachments are scanned with multiple signature-based anti-virus engines (they miss things, but they are fast, so it is an easy step to detect the low-end malware).
- If the attachment still looks ok, it is then moved into multiple “sandboxing” engines. Here we take the file, open it in a virtual environment made to look like a real device and see if it does anything unexpected (bad behaviour). We recommend using multiple different sandboxing engines because newer malware also uses evasion techniques if it thinks it is in a sandbox.
- Then the URLs (web links) in the email are checked to see if they could potentially connect to bad websites or infected files.
- And if all this looks good, the email is sent to your mailbox (and this usually all happens under 2 minutes).
So by using a proper Next Generation email gateway and a newer behaviour-based Next Generation anti-malware on your devices, you dramatically increase your level of protection. But we will also tell you about a secret weapon that can save you from a lot of trouble: a telephone. If you receive an unexpected email from someone, especially with an attachment, call that person before you open it.
Lastly, if you receive an email with an encrypted zip file and they very graciously provided the password in the email, just delete it (and if you really (really) think it could be something you need, call the person first!).
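The cheap first stages of the gateway described above (known-good lookup and URL extraction), together with the encrypted-zip case, as an added Python sketch that is not from the article or from any gateway product. The function names, verdict strings and sample message are constructed for illustration, and the anti-virus and sandbox stages are only named as the next hop.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def is_encrypted_zip(data: bytes) -> bool:
    """True if any zip entry has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a zip at all

def triage(raw: bytes, known_good: set) -> dict:
    """Allow-list lookup, encrypted-zip hold, and URL list for one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    verdicts = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if hashlib.sha256(data).hexdigest() in known_good:
            verdicts[name] = "known-good"          # exact file already tested
        elif is_encrypted_zip(data):
            verdicts[name] = "hold: encrypted zip, cannot be inspected"
        else:
            verdicts[name] = "unknown: AV scan, then sandbox"
    urls = URL_RE.findall(body.get_content() if body else "")
    return {"attachments": verdicts, "urls": urls}  # urls go to the link checker

def build_sample():
    """Constructed message: a known file, an unknown file, an 'encrypted' zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    z[z.rfind(b"PK\x01\x02") + 8] |= 0x01  # set the encryption flag bit
    known, unknown = b"quarterly price list", b"never seen before"
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Order"
    msg.set_content("Password is 1234. Details: https://example.com/order?id=7")
    for name, data in (("prices.txt", known), ("new.bin", unknown),
                       ("order.zip", bytes(z))):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes(), {hashlib.sha256(known).hexdigest()}

if __name__ == "__main__":
    print(triage(*build_sample()))
```

The encrypted zip is held rather than scanned because neither the signature engines nor the sandbox can open it without the password, which is why the advice above is to delete it or call the sender.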
Safe emailing everyone!
Loïc Calvez, ALCiT
1: Verizon Data Breach Investigations Report (DBIR) 2019