Imagine receiving an email from US VP Mike Pence’s official email account asking for help because he has been stranded in the Philippines.
You don’t have to imagine it. This actually happened.
Pence’s email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How did this happen? Is it similar to how the DNC server was hacked?
Email hacking is one of the most widespread cyber threats at present. It is estimated that around 8 out of 10 people who use the internet have received some form of phishing attack by email. Additionally, according to Avanan’s 2019 Global Phish Report, 1 in 99 emails is a phishing attack.
BitDam, aware of how critical email is to modern communication, published a new study on the email threat detection weaknesses of the leading players in email security, and the findings command attention. According to the research team, Microsoft’s Office365 ATP and Google’s G Suite are critically weak when dealing with unknown threats. Their time-to-detect (TTD) can also be as long as two days from their first encounter with an unknown attack.
How Leading Security Systems Prevent Attacks
Email security systems address cyber threats by scanning links and attachments to determine if they are safe or not.
They can then automatically block links and prevent download or execution of file attachments. In most cases, to identify threats, security systems compare the scanned files or links to a database of threat signatures. They employ reputation services or a threat hunting protocol that monitors possible attacks based on threat data from various sources.
Links or attachments that are deemed safe on the initial scan are not always safe, though. There are many instances when security systems fail to filter threats because they have not updated their threat databases yet. Because of this, gaps in detection exist. There can be up to three detection gaps in a typical security system. These gaps represent vulnerabilities or opportunities for email attacks to penetrate.
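The detection gap described above can be measured from a delivery log and a signature feed. The following is an added example, not code from the BitDam study or from any vendor; the message IDs, timestamps, attachment bytes and function names are all constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: attachment bytes are placeholders, not real malware.
SAMPLE_A = b"constructed-sample-attachment-A"
SAMPLE_B = b"constructed-sample-attachment-B"
T0 = datetime(2020, 1, 6, 9, 0)

# Delivery log: (message id, delivery time, attachment hash).
DELIVERIES = [
    ("msg-1", T0, sha256(SAMPLE_A)),
    ("msg-2", T0 + timedelta(hours=5), sha256(SAMPLE_A)),
    ("msg-3", T0 + timedelta(hours=30), sha256(SAMPLE_A)),
    ("msg-4", T0 + timedelta(hours=2), sha256(SAMPLE_B)),
]

# Signature feed: hash -> time the signature reached the scanner's database.
SIGNATURES = {sha256(SAMPLE_A): T0 + timedelta(hours=26)}

def scan_at_delivery(deliveries, signatures):
    """Verdict a signature-only scanner gives each message at delivery time."""
    verdicts = {}
    for msg_id, when, digest in deliveries:
        added = signatures.get(digest)
        known = added is not None and added <= when
        verdicts[msg_id] = "blocked" if known else "delivered"
    return verdicts

def detection_gaps(deliveries, signatures):
    """Per hash: TTD from first encounter, and messages delivered in the gap."""
    report = {}
    for digest, added in signatures.items():
        seen = sorted((when, msg_id) for msg_id, when, d in deliveries if d == digest)
        if not seen or seen[0][0] >= added:
            continue  # never seen, or signature existed before first encounter
        missed = [msg_id for when, msg_id in seen if when < added]
        report[digest] = {"ttd": added - seen[0][0], "missed": missed}
    return report

if __name__ == "__main__":
    print(scan_at_delivery(DELIVERIES, SIGNATURES))
    for digest, gap in detection_gaps(DELIVERIES, SIGNATURES).items():
        print(digest[:12], "TTD:", gap["ttd"], "remediate:", gap["missed"])
```

The `missed` list is what a defender acts on: messages that passed the initial scan and need retroactive quarantine once the signature arrives.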
Some security systems take advantage of artificial intelligence to make threat learning and detection automatic and more efficient. They use data from previous attacks and the corresponding actions of the network administrator or computer owner to make better judgments in subsequent incidents.