2017 Annual Cybersecurity Report: Part 2

31st July 2017

Part 2 – Email

Spam.  We all hate it (unless you’re a Monty Python fan) but it’s still an issue.  Over the internet it accounts for nearly 70% of total email traffic and this percentage is steadily increasing as kits become freely available to help craft and deliver spam.

This is just another of the many findings in the Cisco 2017 Annual Cybersecurity Report, a survey that was conducted over 13 countries and had close to 3000 responses.

Of that spam traffic, around “8 to 10 % […] could be classified as malicious”.  This percentage is growing even faster as the bad guys find more innovative ways to get that click-through response.  Many mail providers and ISPs do a great job in spotting and removing messages based on “bad reputation scores”, known senders or known compromised networks.  However, by changing headlines, content and file types, attackers make these threats more difficult to detect and remove.  As an example, Windows Script Files (.wsf) were hardly seen as an attachment type in 2016, but they made up nearly a quarter of all malicious spam by July 2016.  Prior to that it was JavaScript (.js) files.
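The rotation from .js to .wsf described above is the case a gateway-side attachment check has to survive. The following is an added example (not code from the Cisco report or from this post) that flags attachments by the real file extension, including double extensions such as “invoice.pdf.wsf”, rather than by the sender-controlled MIME type; the extension list and the sample message are assumptions constructed for the example.

```python
# Added example (not from the Cisco report or the original post): flag
# attachments by their real file extension, including double extensions
# such as 'invoice.pdf.wsf', rather than by the sender-controlled MIME type.
from email import message_from_string, policy
from typing import List, Optional, Tuple

# Extensions Windows hands to the script host or shell; this list is an
# assumption for the example, not a vendor or Cisco policy.
SCRIPT_EXTENSIONS = {"wsf", "js", "jse", "vbs", "vbe", "hta", "wsh"}

def risky_extension(filename: str) -> Optional[str]:
    """Return the first script extension after the first dot, so both
    'setup.js' and the disguised 'report.pdf.wsf' are caught."""
    for ext in filename.lower().split(".")[1:]:
        if ext in SCRIPT_EXTENSIONS:
            return ext
    return None

def flag_attachments(raw_message: str) -> List[Tuple[str, str]]:
    """Parse an RFC 5322 message; return (filename, ext) for each
    attachment whose name carries a script extension."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = risky_extension(name)
        if ext:
            hits.append((name, ext))
    return hits

# Constructed sample message: a .wsf behind a double extension and a
# bland declared content type. The attachment body is a placeholder.
SAMPLE = """\
Subject: Invoice attached
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the invoice attached.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.wsf"
Content-Disposition: attachment; filename="invoice.pdf.wsf"

placeholder, not real script content
--b1--
"""

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))  # [('invoice.pdf.wsf', 'wsf')]
```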

Another trend noted in the report is the use of different spamming techniques.  Two in particular, referred to as Hailstorm and Snowshoe, both try to overwhelm a mail system’s checking process, and both are described in the report as “highly effective”.

So who’s at risk?  Everyone.  It’s often the case that one industry is more vulnerable or more attacked than another, but spam and malware seem to be industry agnostic.  The graphic (Figure 21 in the report) seems to show that, over time, no one is safe.

The increasing use of mobile devices to read email makes them particularly vulnerable, and there has been a steady increase in malware targeting Android, iPhone and (to a lesser extent) Windows Mobile.  Since the trend for mobile use is set to grow, the threat is likely to grow with it.  The report states that “traffic from wireless and mobile will account for 66 percent of total IP traffic”.  Another Cisco paper states that “the volume of global internet traffic will be 95 times as great as it was in 2005”.

Email is normally associated with inbound viruses and malware, but it isn’t only used for delivery.  It can be used for reconnaissance.  A well-crafted email can help validate a user’s details or can be used to harvest credentials (‘phishing’).  As I’ll be reporting in the 3rd and final piece, email and breaches are very closely linked.

What we all want to know is: how do we defend ourselves, and what can be done?  It’s largely the same (old) story, which is to start with the basics.

-Invest in your people. If the tools fail, people are your last line of defence.  A well-drilled team is better than 100 tools.  However, everyone makes mistakes from time to time, so defence in depth and a layered approach helps;

-Use a reputable mail provider and email gateway product. Since these see millions of messages per day, they are able to identify and stop spam, and therefore malicious content, before it hits your network;

-Have tools in the network that can spot malicious behaviour (and don’t forget to monitor them). Make sure you are getting them from a reliable source that has the skills to install, configure, support and manage that tool;

-Patch! Are we getting bored with this (very necessary) message yet?  The idea is to eliminate the vulnerability before the malware tries to take advantage of it;

-Web gateways will also help identify unhealthy / suspicious traffic.

Email use is unlikely to drop off anytime soon, despite the introduction of many social messaging sites.  Build layered defence, train and test your people, and monitor your networks.  After all, it only takes 1 email!

To catch up or recap on part 1 of this 3 part series (Tools & Technologies used by companies) click here. 
