
Email Security

The Rise of Vishing and Smishing Attacks - The Monitor, Issue 21

Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing.” These tactics use phone calls, voice altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. These types of attacks use similar techniques to the common infection vector, phishing.

Email Fraud in 2022: What you Need to Know

With so much of our personal and professional lives taking place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers and businesses alike. In 2021 alone, email spoofing and phishing increased by 220% and caused $44 million in losses. It is crucial to employ defenses to protect against these attacks.

Egress named as a representative vendor in the Gartner Market Guide for Data Loss Prevention (DLP)

Industry analyst Gartner recently published their 2022 report on the state of the DLP market. They consider DLP a mature technology but do speak to the emergence of next-generation data security tools for insider risk management and cloud use cases. The enterprise DLP (EDLP) market is growing at around 6.6%.

IPFS: The New Hotbed of Phishing

A few months ago, we reported on an interesting site called the Chameleon Phishing Page. These websites have the capability to change their background and logo depending on the user’s domain. The phishing site is stored in IPFS (InterPlanetary File System) and after reviewing the URLs used by the attacker, we noticed an increasing number of phishing emails containing IPFS URLs as their payload.

What should a CISO's priorities be for reducing inbound and outbound email risk in M365?

While cybersecurity risks are similar across the board for any IT leader, it's down to each CISO to decide what takes priority. Before doing that, they need to assess the risks and plan accordingly for them. Unfortunately, many businesses don't do this. A 2022 UpCity study – the Small Business Cybersecurity Survey Investigations Report – found that only 50% of SMBs have a cybersecurity plan.

The future of email threat detection

As businesses continue to adopt cloud integration and remote work increases, security teams are facing more visibility challenges as well as an influx of security event data. There is more need than ever before to understand the threats, as both the threat surface area and tactics increase. Cyber threats are becoming more sophisticated and occurring more frequently, forcing organizations to rely on quality threat detection to protect their data, employees, and reputation.

How should the security industry innovate against email risks over the next five years?

Our research has revealed that 80% of security professionals have experienced increased security threats since shifting to remote work. To stay protected against attacks and reduce the chances of losing significant amounts of money, putting their users at risk, or destroying their reputation, organizations must do more to innovate against email risks. In our most recent report, Cybersecurity experts' views on email risk within Microsoft 365, we identify many of the risks Microsoft 365 users face.

Which cyberthreats are keeping the experts up at night?

One of the most challenging elements of cybersecurity is knowing what’s to come. While none of us have an IT crystal ball (unfortunately), we can make educated guesses based on the evidence around us. One thing that is for sure, though, is that cybercriminals are more of a threat than ever. According to the FBI’s Internet Crime Report from last year, a record 847,376 cybercrime complaints were reported by the public in 2021 – a 7% rise from the previous year.

Phishing: Better Proxy than Story

In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls. Here we go behind the scenes to dissect how to configure and authenticate a good domain for your phishing campaign using Apache as Reverse Proxy. Excited? You caught the hook, read on!

Trustwave SpiderLabs: The Power Behind MailMarshal

From the outside, it might appear as if Trustwave MailMarshal is a stand-alone solution that on its own is able to effectively defend email systems from a wide variety of phishing, malware, and business email compromise (BEC) attacks. The truth is MailMarshal is backed not only by one of the best trained, most experienced cybersecurity research teams in the industry but also by a technology stack that has been decades in the making.