Why are Targeted Email Attacks so Difficult to Stop?
When it comes to email security threats, one of the most common (and most underestimated) forms of attack is email phishing. Particularly for companies, phishing attacks can be critical when it comes to spilling and stealing private data, personal information, and company files. Spear phishing or other targeted email attacks have even more impact.
The most commonly known type of phishing is the broadest one: deception phishing. This is the “spray-and-pray” approach that many are familiar with. Fake emails, spoof company names and logos, and a message hoping to catch you off guard and fool you. However, there’s another type of phishing email that’s far more dangerous–targeted email attacks AKA spear phishing.
What is a Spear Phishing Attack?
So, what is a spear phishing attack anyway? It’s a targeted email attack aimed directly at well-researched individuals, usually from a company. The goal of these attacks is to fool or manipulate the target into handing over company information, files, or other valuable data. These attacks require a lot more work on the end of the attacker, but they’re often worth it due to how much more effective they tend to be.
Researched targets are a lot easier to manipulate. Attackers are much more likely to get an employee’s attention with something personal and directly targeted at them than a generic spam email.
Once sufficient research is done, attackers can essentially hold an employee hostage via data. They might either threaten to misuse it or fool the victim into thinking they have more information than they really do. In either scenario, it’s a frightening situation for most individuals. That panic and fear are often how these attacks find success.
Back in 2017, in an infamous spear phishing attack, Facebook and Google employees were tricked by Lithuanian scammers in a series of extremely targeted emails. Overall, they cost the tech giants about 100 million USD.
While this is one of the more severe examples, countless companies and mega-corporations alike are targeted by intense email scams. No one is invincible from these attempts, and it goes to show what could be at stake for companies.
Reconnaissance: Preliminary Target Research
For hackers and phishers, no piece of information is insignificant. Once their sights are set, they’ll begin spinning a web of data about their target. They’ll typically start with readily-available public information – a company profile, full name, etc.
Then, they’ll start combing through their target’s social media, both new and old. Cyber attackers also look into their targets’ associated activity and history to see what clues they may have unknowingly left behind.
Piece by piece, they’ll follow a trail back as far as need be to amass enough data. Unfortunately, since so much of our lives are recorded on the internet, most hackers have ample information to target us without much problem. All they need to do is dig and investigate, and eventually, they’ll land their hook.
This is why preventing such attacks from the very first stage is nigh-impossible. The research phase can stay active for as long as necessary, without any knowledge of the targeted victim or their associated company. It’s only when the attack begins that they’re suddenly made aware.
Technical Effectiveness
Simple mail transfer protocol (or SMTP for short) was never built to scan and detect malicious messages. It’s not made for security: it’s purely functional. Your brand and domain can be impersonated by anyone who’s willing to put in the effort.
This leaves you vulnerable to all types of email attacks. The only way to defend against such malicious cyber assaults is by using email protection. Think encryption, secure email gateways, and security protocols such as SPF, DKIM, and DMARC.
Once you place SPF and DKIM configurations in your DNS and start aiming for full DMARC compliance, your email recipients start getting emails that can be trusted. If your domain doesn’t have these protocols configured, there’s nothing standing between phishing and spoofing emails, and your clients.
Phishing, spoofing, and other types of attacks that include compromising your domain and company reputation are rendered useless. Attackers won’t even think of targeting your company employees once they see proper protocol implementation in the preliminary research stage.
Exploiting the Human Factor
Targeted email attacks work due to one very specific flaw in the workplace: We’re all human. No matter how careful and how trained your employees are, they’re bound to miss something. It’s that mild lapse in judgment that attackers use to get their foot in the door.
Targeted attacks like spear phishing belong to the category of cybercrime called social engineering, which exploits individuals, their vulnerabilities, and fears of the unknown.
Most of these email attacks won’t have an overly-obvious domain name and come with a hundred spelling errors. They’re almost indistinguishable from genuine emails unless you spend an hour analyzing every word.
That’s why we can’t just rely on our common sense to fend off such email breach attempts. The effectiveness of a targeted attack matters too. Hence, using a protection protocol such as DMARC isn’t just a wise choice, it’s a necessity.
Why is the DMARC Reject Policy so Efficient Against Targeted Attacks?
DMARC’s reject policy is extremely effective due to its authentication system. Only authenticated emails from trusted domains are allowed to flow freely. Untrusted domains won’t reach the target inboxes. This discourages the majority of hackers from even trying an attack—there’s no way to break through.
But DMARC doesn’t just magically work. Achieving full compliance (reject policy) is a process that can last weeks or months, depending on the number of sources you have up. So how does DMARC judge if the source is genuine or not?
It combines authentication and alignment from SPF and DKIM protocols and starts monitoring your email infrastructure. It also gives you aggregate reports where you can see your “Compliant” and “Non-compliant” sources. From there, you can continue fixing SPF and DKIM for each source, deciding which ones can send emails on your behalf and which shouldn’t.
Achieving DMARC Reject Protocol isn’t a One-Click and One-Time Solution
While DMARC is a powerful tool that can give you a great level of protection from malicious emails, you shouldn’t be ready to put it at full throttle from the very start. If you do, your recipients end up not receiving emails from you at all. Work toward compliance gradually. This way, you’ll avoid rejecting genuine emails.
Are you done when you reach the DMARC reject policy AKA full compliance? Yes, for now. Still, there’s a caveat you need to consider. Your email infrastructure isn’t set in stone. It needs periodic maintenance, as sources change.
You need to stay on top of the emails sent from your domain even after you reach “p=reject.” That’s why EasyDMARC users continue getting DMARC reports even when they reach full compliance.
Conclusion
Spear phishing and other targeted attacks are serious issues for people that trust your organization and those who work there. Nobody likes to fall victim to a targeted cyberattack. They’re not only prevalent but also very efficient.
Businesses have the means to guard their clients and employees against these types of email attacks. They just need to be more vigilant about the employed security measures and improve them all the time.
The post Why are Targeted Email Attacks so Difficult to Stop? appeared first on EasyDMARC.
*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Hasmik Khachunts. Read the original post at: https://easydmarc.com/blog/why-are-targeted-email-attacks-so-difficult-to-stop/
