Quick Quiz: What is the single greatest threat to your organization’s network security?
If you said anything other than “EMAIL”, it is time to reassess your security strategy. Email remains the number one successful vector for attackers to penetrate your network. Even with the most advanced systems parsing all email coming into your environment, your network security is still determined by a user’s common sense.
Spammers will not be letting up any time soon, and their tricks are always changing. Enterprise-level email systems will block most viruses from entering the server, but those are not the greatest threat. Spammers will send decoy emails: messages carrying a document, often a PDF, that claims to be an invoice or some other legitimate piece of communication. Once such an attachment is opened, code embedded in the file attempts to reach out to its command server and download additional instructions and the actual malware payload.
It is through schemes like this that Zeus and Cryptolocker often spread, wreaking havoc on networks. Because these documents do not contain the actual payload, they have a lower detection rate against scanning and are more likely to make it past any perimeter defenses.
How do you defend yourself against this?
One of the best defenses is knowledge, and being able to identify threats. Common types of attachments spammers try are PDF invoices and receipts, voicemails, and faxes. If you don’t recognize the sender, be wary of opening files. Banks, UPS/FedEx and sites like Amazon typically are not going to send you emails with attachments.
Telling everyone to be wary is a good practice, but we are all human, and we all inevitably make mistakes. What do we do in that situation? The answer is to plan ahead and have a strategy in place. Always make sure important and critical data is physically backed up in a second location. A few of SWAT’s clients were infected with Cryptolocker and we had no way to decrypt the data without paying the ransom. However, because we had backups on our BDR, we were able to clean the network and restore data from the backup.
Most of these exploits rely on outdated software. In the event you accidentally download a payload, it could be completely neutralized simply by keeping things like Flash, Adobe Reader, and Java up to date. Always make sure all your browsers are on the latest versions, as well as all browser add-ons and your operating system. To protect against zero-day exploits you will need security software that stops malicious execution instead of only matching known malware signatures; many services are beginning to adopt this approach.
- Josh Ihler, Systems Engineer