It's that time of year when we make our predictions about the biggest email security threats to emerge over the next year. Security experts weigh the threats that will have the greatest impact on businesses in 2021. Using total security software can reduce the chance of security threats.
6 Ways Hackers Target Companies
1. Thread hijacking will increase
Thread hijacking, a technique that played a major role in the wave of Emotet malware attacks that began in July 2020, is a formidable threat to email security that will become even more important.
“The technique,” says Goutal, “is to use existing e-mail conversations with victims to forward them to new victims.” Tools like Outlook Scraper give Emotet gangs access to e-mail threads on infected people's computers. "Once they have gained access," says Goutal, "hackers intervene in threads and ask the recipient to click on a malicious link or open a malicious Word document."
According to Goutal, thread hijacking is very successful for two reasons: first, because the malicious email is being sent from a trusted sender (the user whose email is infected), and second, because the context of the existing conversation lowers the vigilance of the targeted recipient.
Additionally, Goutal says we can expect an increase in other advanced techniques used in Emotet campaigns, including techniques that bypass AV engines, such as the code obfuscation of VBA macros in Word documents.
2. Remote image-based threats will push email security filters to their limits
"Hackers build on their success with image manipulation techniques to bypass email filters and are now using remote images to store malicious text," said Damien Riquet, a research engineer at Vade Secure. “In contrast to images embedded in an email, remote images must be accessed over a network,” says Riquet. Recognizing a remote image over a network is complex, time-consuming, and cannot be done in real-time. Here are some of the techniques hackers use to confuse email filters with remote images:
- Use unique URLs to make URL blacklisting inefficient
- Use multiple redirects to slow down the process of getting the image
- Use of obfuscation techniques to render the retrieval of the image ineffective
- Hosting the final malicious remote images on a highly regarded domain (wikipedia.com, github.com, etc.) so it is impossible to blacklist the final domain
- Less text in the image to make OCR (Optical Character Recognition) and NLP (Natural Language Processing) techniques less effective
While computer vision can analyze and extract relevant content from images, it is expensive, CPU intensive, and not widely used in commercial email filters, according to Riquet. "For this reason," says Riquet, "we can expect more hackers using remote images in 2021."
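A filter can at least separate remote images from embedded ones and notice when a message carries almost no text beside them. The sketch below is an added example, not code from Vade Secure or the original post; the sample message, the `example.test` hosts and the 40-character threshold are assumptions chosen for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the page); hosts are placeholders.
SAMPLE = """\
From: billing@example.test
Subject: Invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="https://img.example.test/a/8f3c1d.png">
<img src="cid:logo@example.test"><p>Hi</p></body></html>
"""

class BodyScan(HTMLParser):
    """Collect image sources and text nodes (style/script not excluded)."""
    def __init__(self):
        super().__init__()
        self.remote, self.embedded, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = (dict(attrs).get("src") or "").strip()
        scheme = urlsplit(src).scheme.lower()
        if scheme in ("http", "https"):      # fetched over the network
            self.remote.append(src)
        elif scheme in ("cid", "data"):      # carried inside the message
            self.embedded.append(src)

    def handle_data(self, data):
        self.text.append(data)

def scan_message(raw, min_text_chars=40):
    """Flag mail that has remote images and very little text (assumed threshold)."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    if part is not None:
        scan.feed(part.get_content())
    visible = len("".join("".join(scan.text).split()))  # non-whitespace chars
    hosts = {urlsplit(u).hostname for u in scan.remote} - {None}
    return {"remote_images": scan.remote,
            "embedded_images": scan.embedded,
            "remote_hosts": sorted(hosts),
            "visible_text_chars": visible,
            "needs_image_analysis": bool(scan.remote) and visible < min_text_chars}
```

A message flagged this way is a candidate for the slower image retrieval and OCR step, which can then run outside the real-time delivery path.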
3. Hacked accounts will open up new opportunities
Hacked accounts are the focus of thread hijacking techniques in this year's Emotet attacks. But they're also being used in increasingly sophisticated ways, including in massive waves of spam.
"With stolen account credentials," says Gendre, "the spammer logs into the hacked user's account via IMAP to send the spam email." In one day, according to Gendre, Vade Secure discovered more than 300,000 spam emails that were delivered with hacked accounts. "This technique allows a hacker to bypass an e-mail filter completely, and it is very difficult to block it without correction options afterward," says Gendre. "The success we are seeing," he continues, "leaves no doubt that this threat and efforts to stop it will continue into 2021."
Also, Gendre expects this attack method, although largely aimed at consumers, will also emerge in the business customer market. “Microsoft 365 has around 200 million business users,” explains Gendre, “and the number is growing all the time. I firmly expect hackers to use Microsoft's API to bypass border security with this new method.”
Organizations that rely on Microsoft 365 border security, including gateways, will not be able to stop these attacks. “A solution that is integrated into Microsoft via API is becoming a requirement. An email security solution built into Microsoft can remove malicious emails from inboxes after they have been delivered. Gateways and other types of border security cannot do that.”
4. Business Email Compromise will spread globally
The rise of Business Email Compromise (BEC) and the difficulty of detecting it has led to new advances in content analysis using artificial intelligence. However, most algorithms have difficulty recognizing BEC in foreign languages.
“At the beginning,” says Goutal, “there was a lot of BEC in English and French. Now we see BEC in Italian, Spanish, German, Slovenian, etc. This is a problem because many security vendors only focus on the English language as they are US-based companies.”
According to Goutal, most of the algorithms are “English first” so that they are naturally more powerful in their native language. “The providers have to deal with BEC in other languages,” says Goutal. “But,” he continues, “it does require a major update of your recognition engine. This is both time-consuming and resource-intensive. The resulting vacuum will lead to growth in foreign language BEC as providers struggle to catch up. Until then, I expect more BEC emails written in the target language."
The BEC types are also increasing, according to Goutal. While most BEC scams have focused on CEO scams, gift card scams, and W2 harvesting, other types of scams have also emerged, including lawyer, payroll, and bank fraud.
Also, targeted BEC attacks will give way to broader attempts. BEC emails used to be addressed to key employees in certain departments such as accounting and HR. “That is changing,” explains Goutal. “Today, a single email can reach 20-30 employees in five minutes. I assume that this technology will develop further in the coming year.”
While most BEC emails convey a sense of urgency to get the victim's attention, this will give way to more subtle messages, according to Romain Basset, director of channel sales at Vade Secure.
"Subtle inquiries are becoming more common," says Basset. "Well-formulated inquiries, such as corporate news from HR or news about promotions and business trips appear more believable and won't trigger an alarm as quickly. The goal is to both start a conversation and trick the email filter. Once the conversation has started, many filters automatically whitelist the email so that all future BEC emails with the hacker remain undetected."
5. When providers are imitated, trust in cloud services will be exploited
Used to receiving emails with Word, PowerPoint, and Excel attachments or links to shared Microsoft 365 documents, users trust Microsoft and other cloud services that they use the most. Even if an email is suspicious, curiosity is always aroused by an attachment. This leaves users extremely vulnerable to vendor counterfeiting, where a hacker masquerades as part of the supply chain.
“The fact that attackers can trust users - e.g. in phishing attacks - exploiting Microsoft services has proven the model for identifying business partners, which can be imitated in spear-phishing attacks, for example,” explains EJ Whaley, Channel Sales Engineer at Vade Secure. “Instead of masquerading as CEO,” explains Whaley, “the accounts payable contact one of your suppliers does. I think we will continue to see more and more supply chain partners being copied.”
6. Hackers - and corporations - get personal
Pandemic fatigue. Forest fires. Elections. Social tensions. The fear and stress of global events are taking their toll on people around the world. According to Riquet, hackers exploited this fact very effectively in 2020 and will continue to do so in the coming year.
"We expect there will be more cyberattacks in 2021 that use psychological tricks on a variety of topics to exploit users' emotional weakness," said Riquet. The coronavirus fueled many of the current event-based email attacks in 2020, and with the pandemic now stretching into 2021, we expect this trend to continue.
"Event-based attacks are successful because millions of people around the world experience the same thing, good or bad," said Gendre. “They're so common that we developed a feature that allows our customers to search their email logs for threats based on recent events, including Black Friday and Coronavirus. Knowing that they are being targeted and how they can warn their customers and employees so that they can protect themselves from the threats. It's a kind of 'advance warning' you don't normally get when it comes to malicious emails.”
Hackers aren't the only ones realizing the value of human behavior in cybersecurity. While humans are widely considered to be the weakest link in email security, they also become the last line of defense when a provider is unable to block an attack. "Because of this," said Basset, "vendors will increasingly move to a people-centered approach to cybersecurity in 2021."
Don't leave any loopholes for hackers; protect your data with total security software.
"Both vendors and end-user organizations now seem to understand that cybersecurity cannot rely on technology alone," he explains. “The end users are the targets, but they must also become allies.” While increased focus and investment on cybersecurity awareness is a start, solutions that enable users to influence the technology, including feedback loops and automated awareness training, enable better detection and containment.