At any point of the digital transition,…
Cybercriminals celebrated a higher special than ever, Corona Year. The ransomware was hit by strangers with remote job and education programs, and their email addresses were loaded with phishing emails that were more believable than ever before. It is expected to see fresh cybercrime tactics focused on this heyday in 2021. This prospect was expanded on by Dan Fein, director of email protection solutions at security company Darktrace.
- Impersonating a marketing director? Now, impersonation of the supply chain
Payne notes that he hears security experts say, “It’s important to protect C-level executives.” But Payne is of the position that it should not be an end in itself. C-levels are certainly the people who should be covered. By the way, if the corporate network itself is closely secured, the C-level is also stable. Conversely, it doesn’t make the organization safe to cover just the C-level. What one should then be prioritized? ”
It is also real, though, that the attack tactic impersonating the CEO such as BEC attackers is difficult because defense is configured around the C-level for many organizations. That’s why, even though they are not C-level employees, offenders are now expected to impersonate any entity or agency that the corporation trusts, Paine points out. It also affects non-C-level entities, making it harder for attackers and more secure.
Indeed, companies with a significant number of partners and clients are likely to be attacked if such supply chain assaults continue to dominate. In fact, there have been records of fewer attacks on C-level executives in a study conducted this year.
- Email Protection by MX Records Solution
It’s not just attackers who place emails at risk. Tools for email encryption may also be a risk factor. “In the flow of transmitting email, e-mail encryption solutions and third-party gateways nearly always operate. In other words, depending on the mail exchange record, it governs the flow of traffic (MX record). MX records are used to designate the mail server that receives e-mails.
The downside to this approach is that “there are security devices in the middle of the traffic flow, which can disrupt smooth operation,” Paine notes. If the security gateway is a concern, it means that the usual mail process itself could be paralyzed. It may be effective, in other words, for attacks aimed at paralyzing and crippling the postal system.
There will be concerns for not being able to e-mail, and attackers will be able to do such malicious acts. In remote working programs, it may even impair efficiency. As a consequence, we plan to borrow subtly different frameworks from email security providers.
- The life span of phishing attacks reduces. Inside the
The lifetime of the attack infrastructure had historically ranged from a few weeks to several months. It keeps dwindling. The infrastructure in place to deliver fake emails had an average lifetime of 2.1 days in 2018, but declined to 12 hours in 2020, according to a report by Darktrace. This means that it also significantly limits the efficacy of defense measures to block particular hacker groups or suspicious IP addresses.
The rate is getting really cheap for new email domains. There’s no pressure on even cyber criminals seeking to mitigate their investment. So you adjust the root of assaults sometimes, making protection challenging. Protection devices focused on credibility lookups are fast approaching their end of existence, in particular. In the future, this development is projected to persist.
- Attacks will be targeted further.
Paine expects that, as it starts with No. 3 above, the idea of an assault ‘campaign’ will eventually disappear. “A long-term assault is a war. However, as infrastructure is becoming simpler and easier to restore, a hit-and-run approach would be favoured by attackers searching for email. For attackers, the investment benefit is high so we will continue to find fresh victims.
In comparison, last year and this year, ransomware attackers have clearly shown that the ‘effectiveness of targeted attacks’ can be high. “There’s a lot of material on the Internet as well. Social networking is now growing, and individuals leave extensive information on this social media about themselves. So, it is bound to be better to aim attacks. Targeted spray attacks, rather than mass spraying of phishing addresses, will now be necessary.
- Ransomware tastes would steadily decline, little by little,
Because of the coronavirus, the rise in the number of home employees means that the working environment of citizens will become more decentralized. The influence of ransomware is also ultimately diminished, predicts Paine. The effect and destruction from ransomware would not be fatal, since data and authority are decentralized.
Criminals will increasingly get away from malware like this with the intention of earning cash, and they will possibly find new ways to do it. For example, an assault that manipulates invoices and receipts will be able to secretly cheat people and quietly make money without drawing investigators’ interest.
It is also possible to expect that ‘corporate email infringement attacks (BEC attacks)’ will begin to rise and become more sophisticated in this sense. There are estimates that the harm inflicted by BEC attacks is higher than that caused by real ransomware or multiple attacks by malware. The concentration of media and investigation departments is high as ransomware is infamous today. This interest is ignored by many cyber attackers.
Cybercriminals know how effectively new techniques for email protection run. So, Paine states that a secure security can not be given by current e-mail instruments. “Most modern cyberattacks literally start with email. Why will it be? This is because people don’t worry any more than they think of email confidentiality. Only email attackers are involved. Organizations would need to pay more attention to email protection in the future.