Business & Technology
Security news is filled with stories about the latest sophisticated exploits, multi-vector attacks, compromise of wide ranging IoT and more, all designed to breach the security defenses of today’s network. While these attacks pose a real threat to organization, the reality is that age old email is still the primary vector for the distribution of phishing and malicious code. For example, more ransomware is successfully delivered by way of email-based attacks that leverage social engineering techniques, than by any other method. In fact, just last month (April) the 2018 Verizon Data Breach Investigations Report revealed that the most common source of successfully installed malware (accounting for 49%) was email.
As email borne malware continues to grow in volume and sophistication, the FortiGuard Labs threat research teams continues to track evolving email campaigns. GandCrab ransomware, for example, has quickly evolved into its second and third major phases, as described here.
The FBI IC3 division just released its Internet Crime Report for 2017, and among its findings was a staggering 15,690 incidents of business email compromise. What is especially alarming is that criminals who rely on heavy social engineering tactics to establish a trusted persona via email often have little need for malware attachments or links in order to exploit a victim, limiting the content for email security to inspect. Yet this class of attack is remarkably successful. In 2017 it resulted in an estimated total cost of $675 million dollars to victims, or roughly $52,000 per incident, which means that the cost of falling prey to this sort of fraud is sizable.
To that point of sizable costs of compromise, this past March the US Department of Justice filed charges against a cybercriminal group for a single phishing campaign that, among others, impacted more than 300 universities across 21 countries, stealing 31 TB of academic data and intellectual property that had cost an estimated $3.4bn to develop and procure.
Suffice it to say that the last three months of 2018 have clearly demonstrated the continued need for stronger and more efficient email security. To better address this often neglected threat vector, Fortinet just announced the availability of a major release (v6.0) of our FortiMail Secure Email Gateway that includes advanced features specifically designed to address the growing volume of increasingly sophisticated email-based attacks, including social-engineering-based attacks.
As organizations add digital services and processes, the attack surface expands. One area cybersecurity leaders too often overlook is email security. Learn more about why this would be a major oversight.
In our next blog, we will discuss some of the latest cybercriminal tactics that are helping attacks being launched through the age-old email vector earn so many ill-gotten rewards, along with the key capabilities in the new FortiMail 6.0 that have been designed to thwart them.