Email Security

With Ventura Systems’ Email Security tools your IT team can focus on the important work, instead of getting stuck processing thousands of emails.

Threats that use email as their primary attack vector are the largest sources of cyber risk for companies today. These are the reasons:

The Problem

Attack volume:

  • Every day more than 3 billion emails are sent with spoofing attacks.
  • 94% of all Malware is sent by email.
  • Around 30% of all security compromises are due to Phishing.
  • 28,538 credentials are stolen every minute.

Detection limitations:

  • BEC attacks are undetectable by signature-based tools.
  • 22% of all security breaches are due to social engineering.
  • 24 months is the average time to detect compromised credentials.
  • Limitations of traditional protection tools: Email solution providers have some limited layers of protection, for example: Microsoft only allows each anti-phishing policy to be applied to a maximum of 60 users. In addition, they do not have the ability to control:
    • Social engineering attacks: Attacks based on human behavior are practically impossible to prevent by these tools without having a high rate of false positives, affecting the normal operation of organizations.
    • Zero-day / N-day Attacks: More than 300,000 Malware variants are discovered every day. Traditional signature-based tools cannot detect these types of attacks.
    • Polymorphic attacks: Polymorphic variants constantly change their identification characteristics to avoid detection.

Limited Operational Resources:

Cybersecurity teams are overwhelmed by the number of suspicious emails they must process, which stretches the mean times to detect and respond to incidents (MTTD, MTTR) to months.

High dependence on end users’ reaction:

The end user is the weakest link in the cybersecurity chain. 25% of all Phishing attacks reach inboxes, and the average time before a user clicks on a link is 86 seconds.

Integrated platforms for communication, messaging, collaboration, office automation and storage:

Just by compromising a user of an Office 365 or Google Workspace environment, the entire infrastructure can be compromised due to the total integration provided by these services.

SUMMARY OF THE PROBLEM:

We are facing a threat based on a type of attack that is very easy to execute in an automated and massive way, which has a high probability of success because it cannot be controlled effectively with traditional tools, it requires practically exclusive dedication of an overburdened IT staff, and much of the responsibility falls on end users stressed from their day-to-day activities.

Effects of the Problem

  • 57% of businesses report losses due to Account Take Over.
  • Phishing causes losses of USD$17,700 every minute.
  • Businesses lose on average the equivalent of 50 days of productivity for each malware attack.
  • Losses in dollars have doubled every year in the last 5 years.
  • Losses for each BEC attack are USD$120,000 on average.

Ideal Approach to Control the Risks associated with Email

To achieve effective email security, you need to have tools that can protect across the full spectrum of threats, while creating security awareness in end users through continuous training, and with a high degree of security, autonomy, and automation, to handle the high volume of attacks, freeing IT staff from the operational burden, to focus on strategic and tactical tasks.

Problem / Ideal

Attack Volume. / High level of automation.

Detection Limitations. / Protection across the threat spectrum. Machine learning and artificial intelligence. Heuristics and behavioral analysis. Continuous monitoring of inboxes. Large network of shared threat intelligence.

Limited Operational Resources. / High level of autonomy and automation. Ease of implementation, operation, and support. Minimum false positives. Quick detection and remediation.

High dependence on end users’ reaction. / Detects and quarantines threats before they reach inboxes. Continuous training. Simulation of attacks. Alert banners.

Ventura Systems’ Email Security solutions offer everything that is currently required to keep the risks associated with email under control for the benefit of the organization and the IT staff. 

Advantages of Ventura Systems Solutions

  • Quick to implement: With just a couple of clicks they are ready to be used.
  • Automatic Detection, classification, response, and remediation.
  • Group all similar suspicious emails into the same incident.
  • Remediation with 1 single click.
  • Integration of multiple Antiviruses, Sandboxes, and threat intelligence.
  • Scanning of inbox history to detect and remove existing threats.
  • Continuous monitoring of Inboxes to detect and eliminate polymorphic attacks and hibernating threats.
  • Artificial intelligence:
    • Creation of profiles of each user based on historical communications, content, behavior, external and internal contacts, and other metadata to prevent Spoofing/Impersonations.
    • Natural Language Processing (NLP): Detects, recognizes, and alerts on emails containing words normally used in Phishing attacks (transfer, bank, account, invoice, fine, etc.).
  • Continuous Training: Automatic simulation of phishing attacks to verify the degree of awareness of the employees.
  • Cloud Native: Does not require additional hardware and does not have the drawbacks of traditional tools that want to move to the cloud.
  • Full integration of work domains.

Advantages of Working with Ventura Systems

  • Constant support from the Ventura Systems Blue Team.
  • All alerts received from a client are shared and managed with the entire Ventura Systems client base.
  • Training in the use of tools.
  • Training of employees in Security Awareness.

Context

Keywords:

Malware: Malicious software used to destroy, compromise, or access an operating system.

Ransomware: Malware that blocks the victim’s access to a system or information until a ransom is paid.

What is Phishing?

It is a technique (or set of techniques) that seeks to trick a victim into revealing sensitive information or transferring money to an attacker, who pretends to be a trusted organization or person. The most used vector for Phishing attacks is email. When the victim opens the email, they find a message designed to generate fear and lead them to take one of the following actions:

  • Respond to the email, revealing classified information
  • Download a malicious attachment, or
  • Click on a link that can run

Types of Phishing:

Phishing attacks can be broadly classified into 2 groups: Generalized attacks (Bulk Phishing) and Targeted attacks (Spear Phishing). The former are a mixture of SPAM and Phishing, where emails are sent to a large list of potential victims in the hope that one of them falls for it. Examples of Bulk Phishing:

  • Impersonation of government entities, such as those related to taxes and traffic fines.
  • The famous email of the Nigerian prince and its different adaptations.
  • Search Engine Phishing: Malicious sites with a domain and design similar to the legitimate one are created and indexed in search engines.
  • Content Injection Phishing: The attacker replaces part of the content of a website to obtain information from users.

Spear Phishing, on the other hand, is an attack designed and executed against a specific person or organization. For this, an entire reconnaissance stage is required in order to design an email that increases the probability of leading the potential victim to react immediately.

To execute Email Phishing attacks, criminals can use similar email accounts (Email Spoofing) or compromised email accounts (Email Compromise).

Spoofing Attacks: In this case the attackers use a fake email address. The 4 most used types of Spoofing are:

Exact Domain attacks are less common because they can be easily prevented when SPF and DKIM are incorporated into DNS configurations.
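As an added example (not Ventura Systems' code or product), the Python below shows how a receiving-side check can use the SPF and DKIM verdicts recorded in the Authentication-Results header to tell an exact-domain spoof apart from a message sent from a similar-looking domain. The protected domain example.com, the server name mx.example.com, the edit-distance threshold of 2 and the sample messages are all assumptions made for illustration; requiring the authenticated domain to equal the From domain is the strict form of the alignment check that DMARC defines.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = "example.com"    # assumption: the domain being protected
AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by our own receiving server

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def aligned_pass(auth, method, prop, from_domain):
    """True if `method` passed for a domain identical to the From domain."""
    pat = rf"\b{method}=pass\b[^;]*?\b{re.escape(prop)}=(?:[^\s;@]*@)?([\w.-]+)"
    return any(d.lower() == from_domain for d in re.findall(pat, auth, re.I))

def classify(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only trust results written by our own server; a sender can forge this header.
    auth = " ".join(h for h in msg.get_all("Authentication-Results", [])
                    if h.strip().lower().startswith(AUTHSERV + ";"))
    if from_domain == PROTECTED:
        ok = (aligned_pass(auth, "spf", "smtp.mailfrom", from_domain)
              or aligned_pass(auth, "dkim", "header.d", from_domain))
        return "authenticated" if ok else "exact-domain-spoof"
    if edit_distance(from_domain, PROTECTED) <= 2:
        return "lookalike-domain"
    return "external"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "genuine": "From: Billing <billing@example.com>\n"
               "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=billing@example.com;\n"
               " dkim=pass header.d=example.com\n\nInvoice attached.\n",
    "spoofed": "From: CEO <ceo@example.com>\n"
               "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce@mailer.test; dkim=none\n"
               "Authentication-Results: mx.mailer.test; dkim=pass header.d=example.com\n\nWire the funds today.\n",
    "lookalike": "From: Billing <billing@examp1e.com>\n"
                 "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=billing@examp1e.com\n\nNew bank details.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

The lookalike sample passes SPF for its own domain, which is why the similar-domain case needs a separate check and is not stopped by SPF and DKIM on the protected domain.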

Email Compromise:

To compromise an account, attackers must first obtain access credentials. This is usually achieved through a phishing email with a link containing the URL of a site that seems legitimate, where victims enter their access credentials to their emails, bank accounts, etc. This type of attack is known as a Fake Login Attack. The content of the email deceives people by making them believe that a password is about to expire, that someone tried to access an account, that they have a message to read on a social network, that they must follow up on a shipment, etc. There are many variations that can lead the person to click on the link and enter their data where they shouldn’t. Once the attackers obtain the access credentials (Credential Theft) they can steal confidential information, transfer funds, or gain control of the account (Account Take Over). With a compromised account, attackers can deceive employees of the same organization or people within the value chain, suppliers, or customers (Email Compromise).

Email Phishing -> Fake Login Attack -> Credential Theft -> Account Take Over

The most relevant phishing attack with compromised accounts is Business Email Compromise (BEC). This type of attack targets specific people within organizations, taking advantage of their trust in the sender’s email address to obtain important information or have money transferred. The best-known types of BEC are:

CEO or senior executive impersonation: In large organizations, the attacker impersonates a senior executive to request sensitive information or money transfers from a lower-ranking employee.

Vendor Email Compromise (VEC): The company receives false invoices from a compromised email account of a supplier. The person receiving the email can download a malicious file via a link or attachment or proceed with the payment according to the instructions in the email.

Account Compromise: In this case, the victim is a client of the company, who is sent false invoices and requests for payment to bank accounts belonging to the attackers.

Whaling: It differs from other types of phishing in that the objective is to compromise high-profile people such as politicians, businessmen, celebrities, etc. The information requests contained in the attack are more tailored to the specific person, for example: subpoena requests, customer complaints, specific financial transactions, etc. The unsuspecting target person may be lured into revealing sensitive information or other valuable data that only a few individuals have access to.

All the above can be avoided by using one of our Email Security tools. Contact us if you want to learn about them and run a proof of concept.

How Do We Do It?

WE BUILD AN OBJECTIVE VISION

We analyze the current state of your information systems: physical and logical infrastructure, and security posture.

WE DIAGNOSE THE EFFECTIVENESS OF SECURITY MEASURES

We evaluate the formal and material components that underpin the security posture.

WE CARRY OUT OFFENSIVE SECURITY EXERCISES

We act as an advanced persistent attacker and, using Red Team techniques, try to compromise your network infrastructure.

WE REMEDY FINDINGS

We remove and mitigate the persistent elements found in the network infrastructure.

WE TRAIN THE IT DEPARTMENT

We train them in the proper handling of security incidents.

WE CREATE SAFETY CULTURE

We comprehensively train the human component of the organization, in order to create a safety culture.

SERVICES

OFFENSIVE SECURITY

Discover the degree of exposure of your organization, vulnerabilities and potential risks.

DEFENSIVE SECURITY

Guarantee the security, confidentiality, privacy and integrity of your organization’s information systems.

BUSINESS CONTINUITY

We help you restore the operation of your business after damage or a disaster that compromises your organization’s information systems.

CONSULTANCY

Identify the current state of cybersecurity in your organization using international standards as a reference framework.

CONTACT US TO ENSURE THE INTEGRITY AND CONFIDENTIALITY OF YOUR INFORMATION AND THE CONTINUITY OF YOUR BUSINESS.

ARE YOU UNDER ATTACK?

Do you need immediate support? Please contact us to receive our incident response and remedial services. [email protected]
