By: Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies
That email that just arrived in your inbox — how confident are you that it is not malicious? While most of us would not bat an eyelid to what seems to be an ordinary, harmless email in our virtual mailbox, the numbers tell a different story. With 90% of cyber attacks on organisations starting from a malicious email, it’d be unwise to underestimate the risks malicious emails pose.
To get a better understanding, Check Point Software Technologies dives into the different types of risks posed by email driven attacks and the havoc they can wreck.
1. Phishing Emails
By now, we are all familiar with phishing emails. However, phishing have evolved greatly since the days of emails fake Nigerian Princes. Today, phishing emails involve sophisticated social engineering strategies that are designed to exploit vulnerabilities, both in the system, and especially in human beings. They include spoofing techniques that are designed to make the email look legitimate to the unsuspecting eye. While there are different types of email phishing attacks, the most common and dangerous ones are Impersonation, Spear Phishing, and Business Email Compromise (BEC).
Usually, phishing attempts are the first step in a bigger plan of attack. These emails typically bait recipients to visit a fake webpage, prompting them to log in with their company’s credentials. Some examples of these emails include links to files allegedly hosted on Google Drive, a request for verification of a PayPal transaction, or an invitation to a Microsoft Teams session. In some cases, the email would also direct recipients to purchase merchandise from a fake website.
2. Account Takeover
As the name suggests, this technique is used by criminals to hack and impersonate the compromised account user in order to steal sensitive and valuable information and data, or to intercept private communications. Similarly, an Account Takeover may also be just the first stage of attack in a larger scheme.
You might think that these only happen in movies. However, many have already fallen victim. A real life example unraveled by Check Point earlier this year revealed the scheme of a sophisticated cybercrime gang dubbed the Florentine Banker Group. These criminals manipulated emails, registered lookalike domains, and created a man-in-the-middle attacks to heist wire transfers amounting to US$1.3 million, from 3 British private equity firms.
This is a great, yet unfortunate real-life example of how a successful phishing attack can lead to massive financial losses for any organisation.
Another threat vector common with email attacks are malicious files, attachments or malware. These emails can appear to be as innocent as an invoice file, or a resume sent to Human Resource. However, the results can be devastating to organisations.
The goal of these emails is to infect the victim’s machine so as to control its operations and data. In many cases, hackers can even leverage this attack to set off a lateral infection to other machines across the network. One of the most severe attacks executed by malicious attachments and files is ransomware. This type of attack uses the malicious payloads hidden in the attached files to take over the users’ device and hold it ‘hostage’ until ransom money from the organisation is paid. Such an attack happened to the New Orleans Government, which resulted in over 4,000 computers attacked and US$7 million in losses.
4. Data Leakage
Last but not least, the final threat vector that organisations should be alert about is the risks of data leakage. Though it cannot be defined as an attack, a leakage of sensitive information, intentional or not, will result in significant consequences. It can be in the form of regulatory compliance fines, income loss and reputational damage for the business with the loss of customer data. In some cases, the consequences might be so great that the company may never recover from the leak.
More than it meets the eye
As you can see, emails can be leveraged by hackers to potentially cause a lot of damage to organisations. Many people get more emails on a daily basis than they can deal with, so they are less suspicious or don’t have the capacity to check every one of them.
With the new state of remote work, the threat is even bigger. It is every employee’s duty to keep the company safe from a cyber breach. There is no telling if your next email might be malicious, that is why it is always important to be aware of the potential risks and be on a lookout for red flags.