Security Perimeter and Phishing Attacks
Adrien Gendre
—February 26, 2016
—2 min read
The Internet has not been kind to the concept of the security perimeter. Information security borrowed the concept of perimeter, that boundary between us and them, from the military.
The Tale of the Phisherman vs. the Aircraft Carrier
In the Navy, for example, there is a perimeter of several hundred miles around an aircraft carrier. The rule is that no attacker can ever be allowed to get close enough to strike the ship. To realize this goal of protection, the carrier is surrounded by ships and aircraft that keep constant lookout for anything on, over, or above the water.
The concept of a perimeter is the essence of defense-in-depth. In InfoSec, the perimeter consists of multiple layers of security: firewalls, anti-virus software, email filters, security policies, passwords, physical locks and keys, employee screening and so forth. Like the aircraft carrier, an organization’s main data assets are to be shielded from any threat.
The weak point: employee email accounts
Email does not lack for purpose-built perimeter defenses. The problem is that these defenses, which include technologies such as spam filtering and anti-malware scanning, are generally not able to stop a sophisticated spear phishing attack.
Spear phishing is a mode of hacking that involves impersonating colleagues. The attacker poses as a work friend, often sending harmless messages from a gmail account as a way to build rapport with the recipient. Once the recipient trust emails from that bogus email account as being genuinely from their friend, the phishing attacker asks for log in credentials that can be used to access corporate data sources. Spear phishing is frighteningly effective. It’s estimated that 91% of successful attacks use spear phishing as a way inside the firewall. Indeed, some of the most notorious data breaches of the last year have been attribute to spear phishing.
Bypassing the security perimeter
When an employee opens an email from a spear phishing hacker, the attack has bypassed virtually the entire perimeter in one leap and gotten right inside the firewall. All of those vast, costly defenses are not able to stop the spear phisherman. It’s like they teleported onto the deck of your aircraft carrier.
The problem is that standard email security, such as spam filters, are not able to catch spear phishing emails. From the perspective of that technology, there’s nothing to catch. A spear phishing email rarely has attachments. If it contains URLs, they may seem benign at the point of receipt because the attacker has not yet activated a redirect that points to a malware download. The message just says something like, “Hey, Frank — I’m stuck in the airport I only have my phone. Can you send me the customers list of Q3 business?”
An effective defense
So, can a single phisherman sink your mighty aircraft carrier? Maybe. Unless you upgrade your defenses.
Like warfare, information security is a perpetual arms race, with new defenses arising to confront new threats.
A new type of countermeasure now offers protection against spear phishing emails. Vade Retro, for instance, provides a unique anti-phishing defense that can be layered on top of existing email security software. It creates a perimeter where there has essentially been none. By employing heuristic analysis to spot spear phishing emails. The solution has been “trained” to detect suspicious emails based on an analysis of hundreds of millions of emails over a ten-year period and has created a massive rules database using this kind of artificial intelligence to screen inbound messages.
Vade Retro also looks at each URL included in an email the instant an employee clicks on the link, safely exploring it in a remote sandboxed environment to see if it contains any malware, honeypots or malicious code. This averts the problem of phishers sending clean links that they later point to malicious URLs. Proprietary processes spot one-off spear phishing attacks by matching the style and technical indicators of the claimed sender of any given email with known information about the actual sender.
Give us a call at 415-745-3630 or contact us, if you want to discuss how you can quickly add anti-phishing measures to your current email setup.