An organization’s security is only as good as its weakest link
By Daniel Hofmann, CEO, Hornetsecurity
With work from home and hybrid work arrangements on the rise, employers are increasingly aware of the need for a robust, comprehensive cloud security solution to ensure security and data protection across all the devices used by an employee to get work done.
An organization’s security is only as good as its weakest link: all it takes is an unwitting or distracted user to fall prey to a cyberattack and unleash untold damage upon the organization. While it is easy to ask colleagues about a dubious email when working in the same room or meeting at the watercooler, being remote can hinder that sort of check-in, rendering organizations and their data far more vulnerable. And there is a hefty price to pay: The average total cost of a breach, estimated to be $4.24m, increased by $1.07m where remote work was a factor in causing the breach, according to a recent report from the Ponemon Institute.
As a result, the accelerating home-working/hybrid working trend has fueled awareness of the need to go back to basics and educate employees on the dangers of cyber-attacks – no matter how obvious these might seem to those in the know. Here’s a quick look at the security vulnerabilities a remote workforce must be vigilant about.
The ongoing spam problem
Spam, or unwanted email, has been around for years. Yet it still accounts for some 45% of all email traffic. Unsolicited email isn’t just an expensive timewaster, causing employees to plough through loads of unnecessary emails just to find – or possibly, miss – the ones relevant to their work. It also remains a conduit for email threats, such as CEO fraud, spear phishing or attacks with new types of malware, some of which may as yet be unknown.
This area keeps evolving too: To overcome the increasing use of spam and virus filters, malware creators are very inventive and apply novel tactics to keep ahead of the game, with the goal of getting recipients to fall for their emails.
Phishing emails and extortion
Hackers also vary the content and presentation of their malicious emails to try to get around virus and spam filters. Phishing, business email compromise (BEC), brand impersonation and ransomware are just a few of the attack tactics used to reach their victims’ inboxes undetected – and they often do so with success. When it comes to BEC and email account compromise (EAC), for example, the FBI’s Internet Crime Complaint Center, or IC3, received 23,775 complaints in 2019 alone, with adjusted losses exceeding $1.7bn.
Phishing emails, which masquerade as being sent by a trusted entity, are and will remain one of the most prevalent attack tactics. Hackers use this social engineering methodology to trick the recipient into opening an email and their aim is to obtain all kinds of sensitive data – from login credentials to credit card information.
Extortion is also extremely widespread among cybercriminals, and a recurrent form of this kind of attack is the “sextortion” email. Here, victims receive an email claiming that their computer was compromised while they were visiting a pornographic website and a video was recorded. To keep the video from being published online, the victim is asked to pay a ransom. The FBI 2019 Internet Crime Report revealed that victims of sextortion lost roughly $107.5m that year.
Archive files used to spread malware
As another ploy to avoid detection by their victims’ spam and virus filters, cybercriminals like to use archive files to hide malware in their email attacks. A recent study by Hornetsecurity showed that in 2021, archive files were the most popular way to spread malware. In this type of attack, the executable malware or malware-infected document is compressed and attached directly to the attacking email. The attacker’s hope here is that the target email system will not be able to scan the compressed attachments.
Less experienced criminal actors often use this technique because it requires no technical knowledge.
In many cases, cybercriminals used HTML files in their attack emails. In a phishing email, the phishing website is attached directly to the email as HTML, which is designed to circumvent URL filters and lure victims to the malicious websites to download the malware without suspecting a thing. As the email does not contain a clickable URL, this attack is even more surreptitious.
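The two attachment patterns described above can be checked at the mail gateway by opening archives and looking at what is inside, rather than trusting the outer file name. The following Python sketch is an added example, not Hornetsecurity code; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".docm")  # assumed policy list
HTML_EXT = (".html", ".htm")

def scan_zip(data, name, depth=0, max_depth=3):
    """Return (path, reason) findings for one ZIP blob, recursing into nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "unreadable archive")]
    findings = []
    for info in zf.infolist():
        member = f"{name}!{info.filename}"
        lower = info.filename.lower()
        if info.flag_bits & 0x1:  # encrypted member: a filter cannot inspect it
            findings.append((member, "encrypted member"))
        elif lower.endswith(RISKY_EXT):
            findings.append((member, "executable or macro file in archive"))
        elif lower.endswith(".zip") and depth >= max_depth:
            findings.append((member, "archive nested too deep"))
        elif lower.endswith(".zip"):
            findings += scan_zip(zf.read(info), member, depth + 1, max_depth)
    return findings

def triage(msg):  # msg: email.message.EmailMessage
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(HTML_EXT) or part.get_content_type() == "text/html":
            findings.append((name, "HTML attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            findings += scan_zip(data, name)
    return findings

def build_sample():
    """Constructed sample: harmless bytes named like a program, inside nested ZIPs."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.exe", b"not a real program")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("docs/inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment("<form action='#'></form>", subtype="html", filename="login.html")
    return msg
```

Running `triage(build_sample())` reports the double-extension file found two archive levels down and the HTML attachment; encrypted or unreadable archives are reported rather than silently passed.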
Ransom leaks: trend takes on greater dimensions
Ransom leaks have quickly become a common cybercriminal approach. These are an extension of ransomware attacks, which consistently hit the headlines, not least because the average total cost of a ransomware breach is $4.62m, according to Ponemon Institute’s “Cost of a Data Breach Report 2021”.
Ransomware is a form of attack that encrypts files and systems on a device, rendering them useless; the attack is accompanied by a ransom note from malicious actors who demand payment to decrypt the files.
In ransom leak attacks, sensitive data is first copied and then encrypted. If the targeted victim refuses to pay ransom for decryption, the cybercriminals threaten to publish the copied data on their so-called leak websites. The hacker group behind the Conti ransomware is the most industrious and has published data from 320 victims.
Based on the developments observed in the “as a service” market in the darknet, experts assume that in the future, cybercrime will increasingly stem from highly professional cybercriminals. Ransomware-as-a-service – where affiliates pay to access illicit ransomware tools and use them to run attacks of their own – continues to be a major issue here. The evolution of this criminal approach poses an ever-increasing threat to enterprises, public institutions such as hospitals, and governments as well.
Cybercriminals’ focus on Microsoft 365
As Microsoft 365 has become one of the collaboration environments most widely used by businesses, the platform has become a particular focus for cybercriminals.
A recent email security survey by Hornetsecurity of more than 420 companies that use Microsoft 365 for their email communications found that 1 in 4 had fallen victim to an email security vulnerability at least once. For the most part, these could be traced back to phishing emails that found their way into users’ inboxes.
As Microsoft 365 continues to proliferate as one of the most used cloud applications in the business space, hacking attacks on users are also expected to continue to rise drastically.
Counteracting the weakest link
Knowledge is power and awareness-building is essential. However, to eradicate the threat posed by the weakest link, a company’s best bet is to entrust its email security to an always-on, automated, high-performance solution built by reputable experts. That way, regardless of how it works and where its employees are located, a company can enjoy peace of mind while focusing on its core business.
About the Author
Daniel Hofmann is CEO of Hornetsecurity. He has been an independent entrepreneur and security industry influencer since 2004. In 2007, Daniel founded the company antispameurope in Hannover, Germany. He developed services for secure email communication, including spam and virus filters. Due to the expanded product range, the company was renamed Hornetsecurity GmbH in 2015. Hornetsecurity under his guidance has developed a comprehensive portfolio of managed cloud security services that serves customers worldwide with offices in Europe and the USA. As managing shareholder, Hofmann is responsible for strategic corporate development.
Daniel can be reached online at firstname.lastname@example.org, https://www.linkedin.com/in/daniel-hofmann-266609167/, https://twitter.com/hornetsecurity and at our company website http://hornetsecurity.com/