How Vulnerable is Your Organization’s Email System?

The email system is your organization’s most important digital avenue, yet it’s the most vulnerable.

Despite the growth of other forms of digital communication like instant messaging and social networking, email remains the most favored means of communication for many. Email is the hub through which you communicate with your employees, your business partners and your customers.

Email Popularity

Email is the preferred means of communication because it’s one of the quickest forms of communication and an effective means to transfer files. In addition to exchanging messages and files, email has, over time, become the window to other accounts. Without an email address, you can’t open an online bank account or a social media account.

According to Radicati, the number of worldwide email users – including both consumer and business users – will rise from over 3.7 billion in 2017 to over 4.1 billion by 2021. In 2015 alone, Radicati estimated that the number of emails sent and received each day totaled over 205 billion.

Symantec, meanwhile, estimated that there were approximately 190 billion emails in circulation each day in 2015. On average, each business user sent and received 42 emails each day, Symantec said in its “2016 Internet Security Threat Report”.

Email Vulnerabilities

Due to its widespread use, email has become a target for cybercriminals. Here are the top 2 email vulnerabilities:

  1. Email Hijacking

A recent study by Google found that more than 15% of internet users have reported experiencing the takeover or hijacking of an email account.

In email hijacking, an attacker gains access to an email account by getting hold of a victim’s email username, password and recovery or verification questions. Once accessed, a hijacker can do whatever he or she wants in the account like resetting the password, downloading all private data, deleting all messages or impersonating the victim.

Many of today’s email systems no longer rely on passwords alone for access. In addition to passwords, many require recovery or verification questions.

According to a Google and UC study, attackers hijacked the emails of victims by stealing usernames, passwords and recovery or verification questions through these methods: third-party data breach, keylogging and phishing.

Over the course of one year, from March 2016 to March 2017, researchers at Google and UC were able to track, on black market forums, 1.9 billion stolen usernames and passwords exposed by third-party breaches, 788,000 credentials stolen via keylogging and 12.4 million credentials stolen via phishing.

Third Party Data Breach

In a third-party data breach, email usernames and passwords are stolen by attackers as a result of security loopholes within a service provider. The third-party data breaches referred to in the Google and UC study were hacking incidents that happened inside service providers like Adobe, LinkedIn and Dropbox.

Keylogging

In keylogging, an attacker steals the victim’s credentials by using malware that records and tracks every movement of the victim on his or her computer. Keyloggers steal sensitive data by taking screenshots of the victims’ online activities, harvesting clipboard contents and recording the keys the victims press.

Phishing

In phishing, an attacker harvests the victim’s username and password, plus IP address, location, phone numbers and device model, by fooling the victim into logging in to a fake web page of a popular email site like Gmail or Yahoo. Once victims click through to these fake login pages, their credentials are harvested in the process.

  2. Computer Takeover via Email

While some attackers are interested in the email contents themselves, some view emails as an attack vector – a path or means by which hackers hijack computers of victims by delivering malicious software (malware). More and more attackers are delivering their malware via malicious emails, also known as phishing emails.

In its “2017 Internet Security Threat Report”, Symantec said, “Email posed a dangerous and efficient threat to users: one in 131 emails contained malware, the highest rate in five years.”

“Email remains the medium of choice for cybercriminals and email volumes continue to grow …,” Symantec said. “Phishing attacks were more targeted and malicious emails grew in number and complexity, highlighting how email remains an effective medium for cybercriminals.”

An example of malware that uses phishing emails as a means to gain access to computers is the ransomware called “Locky” – the first ransomware to earn $1 million per month based on a Google-led study (PDF).

Ransomware is a type of malware designed to block access to a computer system until ransom money is paid. In a ransomware attack, your computer is literally hijacked as you’ll lose total control of it and you’re at the mercy of the attackers to unlock your computer.

In August of this year, researchers at AppRiver reported that attackers sent over 23 million phishing emails containing the Locky ransomware. Recipients of these Locky phishing emails were employees coming back to work from a weekend break.

In the past, Locky attackers used the subject line “Scanned image from MX-2600N” in their phishing emails. This subject line was well thought out. “MX-2600N” is a widely popular model of Sharp scanner/printer used by many businesses. Many people were enticed to open malicious emails with this subject line because they scan documents with this scanner/printer model and email them to other people or to themselves.

The Locky phishing emails have an attached ZIP file which, when opened, enables the downloading of the Locky ransomware, which locks users out of their computers until ransom money is paid.
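The lure described above (a scanner-style subject line paired with a ZIP attachment) can be screened for at the mail gateway or during triage. The following Python sketch is an added example, not code from the studies or vendors cited here; the subject pattern, the list of risky file extensions and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions (not from the article): a subject pattern generalised from
# "Scanned image from MX-2600N", and member types treated as risky in an archive.
SCANNER_SUBJECT = re.compile(r"scanned (image|document|copy) from\s+\S+", re.I)
RISKY_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".lnk")


def zip_findings(data: bytes) -> list[str]:
    """Return reasons a ZIP attachment looks risky, without extracting it."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            encrypted = any(i.flag_bits & 0x1 for i in zf.infolist())
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    out = [f"risky member: {n}" for n in names if n.lower().endswith(RISKY_EXT)]
    if encrypted:
        out.append("encrypted archive (cannot be scanned)")
    return out


def triage(raw: bytes) -> list[str]:
    """Flag a message that pairs a scanner-style subject with a ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    lure = bool(SCANNER_SUBJECT.search(msg["Subject"] or ""))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            if lure:
                reasons.append("scanner-style subject with ZIP attachment")
            reasons += zip_findings(part.get_payload(decode=True) or b"")
    return reasons


def sample_message(subject: str, member: str) -> bytes:
    """Build a constructed test message with a harmless one-file ZIP attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder, not real content")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "scanner@example.com", "user@example.com", subject
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    return msg.as_bytes()
```

An empty list from triage() means none of these heuristics fired, not that the message is safe; a legitimate scanner that emails ZIP files would also match, so hits are best routed to quarantine and review.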

The Locky ransomware came into the limelight when a US-based hospital publicly acknowledged in February 2016 that the ransomware blocked access to hospital computers and demanded ransom payment worth 40 bitcoins (equivalent to $17,000 at that time). The hospital said in a statement that paying the ransom was the “quickest and most efficient way to restore our systems and administrative functions”.

Email hijacking and computer takeover are just two examples of the many vulnerabilities of your organization’s email system.

Contact us today to learn more about how to protect your enterprise emails from third-party data breaches, phishing, keylogging and ransomware.
