
Shut the Electronic Front Door in the Face of Cybercriminals

Dan Sullivan
Analyst

www.ConcentratedTech.com

Overview
State of Email Today
Why So Much Malicious Email?
Phishing and the Potential Impact on Your Business
How to Block Malicious Email
What to Look for in an Anti-malware for Email

Email Today
2.9 billion email accounts worldwide in 2010
25% of those accounts are corporate email accounts
Corporate users send and receive on average 110 email messages a day
A 1,000-person organization can spend $3 million per year to cope with spam
1 in 169 messages contains malicious content
1 in 242 is a phishing lure
In the U.S., about 73% of email is spam

Expect a malicious email every other day.

Sources: Email Statistics Report 2010, The Radicati Group, Inc.; Fahrenheit Marketing

Why So Much Malicious Email?


Well-established cybercrime industry
  Uses malware to commandeer CPU and storage resources
  Even low click-through rates on spam generate profit

Low marginal cost to spread malware
Email malware and phishing attacks may be part of a long-term, targeted attack (Advanced Persistent Threat, APT)

Source: Fahrenheit Marketing

Phishing: Global Problem

[Chart: Number of Phishing Web Sites by month, July through December; vertical axis 0 to 35,000]

[Chart: Countries Hosting Phishing Sites: USA, Canada, Egypt, UK, Germany]

Source: Anti-Phishing Working Group

Multi-Target Phishing Attack

RSA was the victim of an Advanced Persistent Threat (APT) attack. Part of the attack involved phishing.
  An employee was lured into opening a spreadsheet titled "2011 Recruitment Plan"
  The spreadsheet contained a zero-day exploit that used an Adobe Flash vulnerability (since patched)
  The attacker is now inside, monitoring the victim's activity and seeking out additional victims

Over 700 other businesses and organizations were attacked with the same method, including 20% of the Fortune 500.

Source: RSA, Anatomy of an Attack, http://blogs.rsa.com/rivner/anatomy-of-an-attack and http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/

Blocking Malicious Email

Some viruses and malware can be detected by scanning for patterns
  Look for binary patterns that appear in known malware but not in other programs
  Known as signature-based detection

Malware developers have created stealth technologies for malicious code
  Encryption can hide the malware, but the malware must be decrypted to run. The decryption code can be detected.
  Polymorphic techniques change the patterns in the code without changing the behavior.
  Signature-based detection is insufficient; behavior needs to be analyzed.
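
Added illustration (not from the original slides) of the two points above: a payload signature stops matching once the body is encoded under a per-copy key, while the fixed decoding code stays a stable pattern a scanner can match. All signature names, byte patterns and keys are constructed, benign placeholders.

```python
from itertools import cycle

# Constructed, benign placeholder patterns (assumptions, not real malware signatures).
SIGNATURES = {
    "Constructed.Payload.A": b"\x90\x90PAYLOAD-MARKER-A\xcc",
    "Constructed.DecoderStub": b"\xeb\x10STUB-XOR-LOOP",
}
STUB = SIGNATURES["Constructed.DecoderStub"]

def scan(data: bytes) -> list:
    """Signature-based detection: names of all known patterns present in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, a stand-in for the encryption layer described above."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def encoded_sample(body: bytes, key: bytes) -> bytes:
    """Test fixture: fixed decoder stub, then the key, then the encoded body."""
    return STUB + key + xor(body, key)

# Constructed attachment bytes that contain the known payload pattern.
PLAIN = b"MZ-header..." + SIGNATURES["Constructed.Payload.A"] + b"...trailer"

def compare_variants(keys=(b"\x5a\x13", b"\xc3\x7e")) -> dict:
    """Scan the plain sample and one encoded copy per key."""
    results = {"plain": scan(PLAIN)}
    for key in keys:
        sample = encoded_sample(PLAIN, key)
        # Decoding restores the original bytes: different pattern, same content.
        assert xor(sample[len(STUB) + len(key):], key) == PLAIN
        results[key.hex()] = scan(sample)
    return results

if __name__ == "__main__":
    for label, hits in compare_variants().items():
        print(f"{label:>6}: {hits}")
```

The plain sample matches only the payload signature; each encoded copy matches only the decoder-stub signature, even though the two copies differ byte for byte in their bodies.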

Key Features of Anti-Malware


Scalability - Meets demands of increasing volume of email traffic
Reliability - Always on when email system is functioning
Manageability - Dashboard, reports, and other tools to help email administrators understand the state of email security
Comprehensive - Detect multiple threats, such as viruses, Trojans, malicious scripts, spam, phishing lures
Accuracy - Does not block legitimate email (low false positive rate)

3 Elements for Securing Email


Anti-malware
  Signature-based Detection
  Behavior-based Detection

Procedures
  Establish policies
  Implement access controls
  Monitor activities on networks and endpoints

People
  Provide security awareness training
  Minimize privileges

Key Points
Malicious email is a profit-driven phenomenon
A variety of threats use email to attack your business
Expect volumes of malicious email to grow
Expect malicious content to become more difficult to detect
Evaluate options based on key features
Securing email requires anti-malware, sound procedures, and user awareness
