In 2020, ransomware attacks soared, and phishing and email impersonation attacks were witnessed at worryingly high levels.
Cybersecurity specialists have already calculated that the global cost of ransomware to businesses in 2020 will come in at around $20bn. It has also been predicted that ransomware will remain the main attack vector of hackers for years to come, as it is a proven way for these groups to earn money.
The main focus of these attacks has always been large companies, due to the huge amounts of personal data they manage and the potential for using this data in identity theft campaigns. Smaller companies are a less attractive target. However, they also manage considerable amounts of customer data, and attacks on them can still return a lot of money for hackers. While large enterprises are a lucrative target, they can be tricky to infiltrate because they invest so much in cybersecurity measures. Smaller enterprises do not have a large budget to invest in cybersecurity, so they can have a number of weaknesses that make them much easier for hackers to infiltrate.
This is why small to medium enterprises are often targeted with phishing campaigns. Should a phishing email make it to an employee's inbox, there is a good possibility that the message will be opened and that important details will be compromised or malware will be downloaded.
The 2018 KnowBe4 Phishing Industry Benchmarking Report shows that on average, the probability of an employee clicking on a malicious hyperlink or taking another fraudulent request is 27%. That means one in four employees will click a link in a phishing email or obey a fraudulent request.
In these phishing emails the sender of the message is spoofed, so the email looks like it was sent by a known individual or company. The email will feature an authentic-looking email address on a known business domain. Without proper security measures configured, that message will land in inboxes, and many staff members are likely to be tricked into sharing their credentials or opening an infected file that downloads malware. More often than not, they will not realize they have been tricked.
One way of blocking these phishing messages from landing in staff inboxes is to apply Domain-based Message Authentication, Reporting and Conformance (DMARC) rules. Simply put, DMARC builds on two other technologies: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
SPF is a DNS-based filtering security measure that helps to discover spoofed messages. SPF publishes the authorized sender IP addresses in the organization's DNS records. Recipient servers look up the SPF record to make sure that the sender IP is one of the authorized senders listed in those DNS records. If there is a match, the message is delivered to the requested inbox. If the check does not match, the message is rejected or quarantined.
DKIM uses a cryptographic signature to prove who the sender is. That signature is created using the organization's public key and is decrypted using the private key available to the email server. DMARC rules are then applied to either reject or quarantine messages that do not meet the authentication requirements. Quarantining messages is useful because it means network managers can review them to check that genuine emails have not been flagged by mistake.
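The following Python script is an added example, not code from the original post or from TitanHQ, showing how the SPF lookup and the DMARC policy decision described above fit together on the receiving side. It replaces real DNS lookups with a constructed in-memory table for the documentation domain example.com (the SPF and DMARC records in it are hypothetical), handles only the `ip4:`/`ip6:` SPF mechanisms and the terminal `all`, and takes DKIM results as already-verified inputs: in DKIM the sending server signs with its private key and the receiver verifies with the public key published in DNS, so the verification step itself is assumed here rather than implemented. What the example adds beyond the text is DMARC's alignment rule: a passing SPF or DKIM result only counts if its domain lines up with the domain in the visible `From:` header, which is exactly the check that defeats a spoofed sender.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (hypothetical records on a
# documentation domain; not any real organization's configuration).
DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.10 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"],
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip):
    """Evaluate sender_ip against the SPF record published for domain.

    Only ip4:/ip6: mechanisms and the terminal 'all' are handled; include:,
    a: and mx: would need further DNS lookups and are skipped so the example
    runs offline.
    """
    records = [r for r in DNS_TXT.get(domain, []) if r.startswith("v=spf1")]
    if not records:
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            # An IPv6 sender never matches an ip4: network and vice versa.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # unsupported mechanism in this toy evaluator
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


def parse_dmarc(domain):
    """Return the tag=value pairs of the DMARC record at _dmarc.<domain>, or None."""
    records = [r for r in DNS_TXT.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not records:
        return None
    tags = {}
    for part in records[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def organizational_domain(domain):
    # Simplification: the last two labels. Real validators consult the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only the same organizational domain."""
    if mode == "s":
        return domain.lower() == from_domain.lower()
    return organizational_domain(domain) == organizational_domain(from_domain)


def dmarc_evaluate(from_domain, sender_ip, mail_from_domain, dkim_results):
    """Decide the disposition of one message.

    from_domain:      domain of the From: header the recipient sees
    mail_from_domain: domain of the SMTP envelope sender, which SPF checks
    dkim_results:     list of (d= domain, signature_verified) per DKIM-Signature
    """
    policy = parse_dmarc(from_domain)
    spf_result = spf_check(mail_from_domain, sender_ip)
    if policy is None:
        return {"result": "none", "spf": spf_result, "reason": "no DMARC record"}
    spf_aligned = spf_result == "pass" and aligned(mail_from_domain, from_domain, policy.get("aspf", "r"))
    dkim_aligned = any(ok and aligned(d, from_domain, policy.get("adkim", "r")) for d, ok in dkim_results)
    outcome = {"spf": spf_result, "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned}
    if spf_aligned or dkim_aligned:
        outcome["result"] = "pass"
    else:
        disposition = policy.get("p", "none")
        outcome["result"] = disposition if disposition in ("none", "quarantine", "reject") else "none"
    return outcome


if __name__ == "__main__":
    # A spoof from an unlisted IP with no usable DKIM signature gets the p= action.
    print(dmarc_evaluate("example.com", "203.0.113.9", "example.com", []))
```

The last case worth noting is a message that carries a valid DKIM signature for some other domain the attacker controls: the signature verifies, but it is not aligned with the `From:` domain, so the message still receives the quarantine disposition.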
Reports can be made available to monitor email activity, so network managers can see the number of messages being rejected or dropped. A quick rise in the number of rejected messages indicates that an attack is under way.
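The following Python script is an added example, not code from the original post or from TitanHQ, showing the kind of monitoring the paragraph above describes. It works over constructed rows in the shape of a DMARC aggregate (rua) report, one row per day, source IP, message count and applied disposition, with invented numbers and documentation-range IPs. Daily reject totals are compared with the mean of the preceding days, and a day that exceeds that baseline by a configurable factor is flagged as a spike; a helper then lists which source IPs drove that day's rejects, which is what a network manager would want first when triaging the alert.

```python
from collections import defaultdict
from statistics import mean

# Constructed rows resembling the <row> records of DMARC aggregate reports:
# (report date, source IP, message count, disposition applied by receivers).
# Counts are invented; the last day models a spoofing burst from two new IPs.
REPORT_ROWS = [
    ("2020-06-01", "192.0.2.10", 120, "none"),
    ("2020-06-01", "203.0.113.5", 3, "reject"),
    ("2020-06-02", "192.0.2.10", 131, "none"),
    ("2020-06-02", "203.0.113.7", 4, "reject"),
    ("2020-06-03", "192.0.2.10", 118, "none"),
    ("2020-06-03", "203.0.113.5", 2, "reject"),
    ("2020-06-04", "192.0.2.10", 125, "none"),
    ("2020-06-04", "203.0.113.9", 5, "reject"),
    ("2020-06-05", "192.0.2.10", 122, "none"),
    ("2020-06-05", "198.51.100.77", 41, "reject"),
    ("2020-06-05", "198.51.100.78", 19, "reject"),
]


def daily_counts(rows, disposition):
    """Sum message counts per day for one disposition, as a date-ordered list of pairs."""
    totals = defaultdict(int)
    for date, _ip, count, disp in rows:
        if disp == disposition:
            totals[date] += count
    return sorted(totals.items())


def find_spikes(counts, factor=3.0, baseline_days=3):
    """Flag dates whose count exceeds factor x the mean of all earlier dates,
    once at least baseline_days of history have been seen."""
    spikes = []
    history = []
    for date, count in counts:
        if len(history) >= baseline_days and count > factor * mean(history):
            spikes.append(date)
        history.append(count)
    return spikes


def top_sources(rows, date, disposition, limit=3):
    """Source IPs contributing most messages to a disposition on one day, for triage."""
    per_ip = defaultdict(int)
    for d, ip, count, disp in rows:
        if d == date and disp == disposition:
            per_ip[ip] += count
    return sorted(per_ip.items(), key=lambda item: item[1], reverse=True)[:limit]


if __name__ == "__main__":
    rejects = daily_counts(REPORT_ROWS, "reject")
    for day in find_spikes(rejects):
        print(day, "reject spike, top sources:", top_sources(REPORT_ROWS, day, "reject"))
```

A real deployment would parse the XML reports that arrive at the `rua=` address instead of a literal list, but the baseline-and-factor comparison is the same, and the source IPs it surfaces are what distinguish a spoofing campaign from a misconfigured legitimate sender.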
DMARC might appear complicated. However, if it is set up properly it will prove an invaluable security tool that defends against phishing and dangerous email content.
TitanHQ’s anti-phishing and anti-spam service uses DMARC to prevent email impersonation attacks, in addition to advanced anti-malware features such as a Bitdefender-powered sandbox. For more details about tackling email impersonation in your organization, contact TitanHQ now.