Email attacks have been a threat to businesses since their inception, but over the last decade they have evolved exponentially in sophistication and frequency. Instead of relying on detectable malware, links and attachments, modern attacks use social engineering to impersonate trusted sources. These extremely believable impersonations have led to a surge in account takeovers. And it all happens very quickly, with half of compromised accounts accessed within 12 hours of an attack. Unfortunately, the ongoing COVID-19 pandemic has added fuel to the fire. A rise in remote working, alongside fear and uncertainty, has created not only the ideal content for incredibly realistic phishing emails, but also workforces that are more likely to fall victim to attacks.
With the evolving email threats that we are facing, traditional tools that focus on finding malicious emails based on past campaigns are falling far short. The problem is that these breaches are often zero-day, unique attacks that haven’t been seen before. All threat actors need to do is compromise one person’s email account to make headway through the business. They can then get their hands on employee credentials, sensitive information, and financial details, all of which can empower them to cause chaos.
Account compromise attacks are among the most difficult to detect as well as being the most destructive to businesses. As they aren’t easy to uncover, they can lie in wait for some time, and that’s just what they do. Cybercriminals are stealthy and constantly find new ways to remain undetected for long periods of time so they can maximise their impact. In fact, more than one-third of hijacked accounts see cybercriminals dwelling for more than a week before launching their attack.
Understanding attacker behaviour and what an attack looks like is the first step towards proper protection. Here is the typical attack chain cybercriminals employ to breach your business:
It’s vital for you to be able to detect unauthorised users within legitimate email accounts if you are to defend against account compromise. Of course, this is no mean feat, as there aren’t the usual indicators of compromise to look out for, and secure email gateways are rendered useless. The fact is that emails trick both humans and traditional security tools every day. To stand a chance, you need a defence-in-depth approach with advanced threat protection alongside artificial intelligence (AI) and machine learning-based technology:
Email is a primary attack vector for cybercriminals. In fact, 78% of attackers don’t access any applications outside of email. So, it pays to ensure you are fully protected against the most advanced and sophisticated attacks. To find out how well your business is defended, get in touch with Infotrust today for an email security assessment.