Is email really that dangerous?
Spoiler alert: yes.
Last month, here, we looked into phishing and some of the actions you could take to protect yourself. This month, we want to dive a little deeper into what makes email so dangerous, but also what you can do to protect yourself and your company (because as bad as email is, we still need it to get a lot of things done).
As we mentioned previously, 94% of malware was delivered via email [1], and when you think about it, that is pretty logical. Other attack vectors (like USB keys) require someone to buy the keys, infect them, find you, try to get a key into your hands and then try to persuade you to connect it. With email, they can send a million of them in a couple of minutes, and even if they have a one in a million chance of you opening one, well, that’s still one person for a couple of minutes of investment…
To understand the risk and why some of the earlier protection methods are no longer effective, it is important to understand what has changed with malware (a.k.a. viruses, trojans, ransomware, adware, rootkits…) in the last couple of years. Malware used to be simpler: it had a specific binary signature that would be injected into a file, and you could look for it (scan) to discover hidden malware and deal with it before you got infected. You had a “virus scanner” that would get updated regularly, would check all new and old files and keep you safe.
But how things have changed:
- First: there is now fileless malware. It never actually gets written to disk, so it evades all previous-generation anti-malware that only looks into files.
- Second: malware is now polymorphic. It changes its signature every time it moves, so signature scanning is useless.
- Third: zero-day attacks. The malware is so new that detection software cannot yet be updated to detect it.
So what to do?
Use a new generation of anti-malware (a.k.a. Next Generation). The new products on the market are what are now called “behaviour”-based anti-malware. They operate under the assumption that malware could be anywhere and watch for abnormal behaviour. For example, you receive an urgent email from an unknown customer who wants to place a large order. You open the attached PDF (many variants of malware hide in “regular” documents such as pdf, docx, xlsx…) and, without you noticing, the PDF starts downloading a second file, modifies your registry and scans your hard drive. That’s not “normal” behaviour for a PDF! So the Next Generation anti-malware stops those actions, quarantines the PDF and lets you know what happened.
Before we get back to email, I also want to introduce another cyber security concept: “defense in depth”.
The key to the concept is to have multiple layers of defense to stop attacks and malware before they even get to your devices. Think of your classic medieval castle: it did not just have a door, it had moats, high walls, drawbridges… So the anti-malware running on your device (because you are running one, right?) is your last line of defense; whenever possible, you want to stop everything before it gets to you. With email, this is actually easier, since all emails need to go through a server before they get delivered to you, and a minute or two of delay to make sure all is safe is acceptable.
So here is what a Next Generation email gateway solution looks like: all emails coming in (and optionally out) are analyzed. This gateway is usually a stop before your existing email solution (like Office 365 or G-Suite):
- All attachments are reviewed against a known good database (if that exact file, with that exact binary signature has already been tested, it gets the ok to move on)
- Unknown attachments are scanned with multiple signature based anti-virus (they miss things, but they are fast, so it is an easy step to detect the low-end malware)
- If the attachment still looks ok, it is then passed to multiple “sandboxing” engines. Here we take the file and open it in a virtual environment made to look like a real device and see if it does anything unexpected (bad behaviour). We recommend using multiple different sandboxing engines because newer malware also uses evasion techniques if it thinks it is in a sandbox.
- Then the URLs (web links) in the email are checked to see if they could potentially connect to bad websites or infected files.
- And if all this looks good, the email is sent to your mailbox (and this usually all happens under 2 minutes).
So by using a proper Next Generation email gateway and a newer behaviour-based Next Generation anti-malware on your devices, you dramatically increase your level of protection. But we will also tell you about a secret weapon that can save you from a lot of trouble: a telephone. If you receive an unexpected email from someone, especially with an attachment, call that person before you open it.
Lastly, if you receive an email with an encrypted zip file and they very graciously provided the password in the email, just delete it (and if you really (really) think it could be something you need, call the person first!).
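As an added illustration (not code from this article or from any gateway product), the sketch below shows the first gateway step, the known-good hash lookup, together with the encrypted-zip-plus-password rule from the tip above. The function names, verdict labels and the “password” keyword heuristic are assumptions, and the sample message is constructed in memory.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def triage(raw, known_good):
    """First-pass gateway checks on one raw message; returns a report dict."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Links are only collected here; a reputation check would follow.
    report = {"urls": URL_RE.findall(text), "attachments": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        encrypted = False
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of an entry's general-purpose flags means "encrypted".
                encrypted = any(i.flag_bits & 0x1 for i in zf.infolist())
        if digest in known_good:
            verdict = "known_good"        # this exact file was already tested
        elif encrypted and "password" in text.lower():
            verdict = "quarantine"        # scanners cannot look inside it
        else:
            verdict = "scan_and_sandbox"  # continue down the pipeline
        report["attachments"].append({"name": part.get_filename(),
            "sha256": digest, "encrypted_zip": encrypted, "verdict": verdict})
    return report

def constructed_sample(encrypted):
    """Build a test message in memory (constructed data, nothing real)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order.txt", "constructed sample")
    blob = bytearray(buf.getvalue())
    if encrypted:  # set the encryption flag in the central directory entry
        blob[blob.index(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Urgent large order"
    msg.set_content("Order attached, password is 1234. http://example.test/track")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="order.zip")
    return msg.as_bytes(), hashlib.sha256(bytes(blob)).hexdigest()

if __name__ == "__main__":
    raw, _ = constructed_sample(encrypted=True)
    print(triage(raw, known_good=set()))
```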
Safe emailing, everyone!
Loïc Calvez, ALCiT
1: Verizon Data Breach Investigations Report (DBIR) 2019