Advanced Threats and the Inbox: Trends in Email Security

By Stefanie Hoffman | July 30, 2012

While an invaluable communication tool, email remains one of the most effective and reliable threat vectors around. The reason? It still works.

It's no secret email is the gateway to sensitive customer information, crucial databases and other valuable data. Attacks that leverage email as the initial point of entry provide lucrative returns for their operators.

The email security market has little room to be complacent. Email security continues to evolve to keep up with increasingly sophisticated, multi-faceted threats and counteract stealth malware designed to evade standard security mechanisms.

Here are a few of the latest trends that will likely emerge even stronger down the road.

Email attacks become more targeted: For years, cybercriminals have leveraged email to personalize attacks and achieve credibility with victims as a means to increase their success rate. But the proliferation of advanced persistent threats and other forms of stealth malware has taken targeted attacks to a whole new level. And it's only going to get worse. Users can expect targeted phishing emails to only become more personalized -- targeted by language, region, city or interest group -- as cybercriminals strive for greater return on their investments.

Advanced malware becomes status quo: Cybercriminals have long been relying on email as a vehicle to deliver infected PDFs, .exe files and other malicious attachments. That's not going to change. What will likely change, however, is the technical sophistication of the attached malware. While numerous reports have noted that overall spam levels have decreased, the number of emails that come with malicious code attached is on the rise. With the proliferation of advanced threats, it only stands to reason that attached APTs will become not just more common, but the norm.

Spear-phishing is standard in cybercrime arsenals: The significant spike in advanced malware, coupled with targeted attack trends, is equipping spear-phishers with increasingly sophisticated tools to add to their arsenal. And that means stealthier and more effective spear-phishing campaigns. These days, cybercriminals are equipped with the ability to send specialized, highly targeted attacks to focused groups, as well as personalized emails to individuals, designed to trick the most security-savvy of users.

Data the new target: Once upon a time, phishers were intent on acquiring login credentials and credit card information. That hasn't changed, but these days, they're also targeting high-value Big Data that includes intellectual property, blueprints and source code. Malware that rides on malicious attachments increasingly possesses stealth capabilities aimed at evading detection, silently infiltrating classified systems and lifting an organization's most sensitive data. As in the past, the gateway to critical information is often via e-mail, providing a direct pathway to an organization's crown jewels by exploiting the weakest link -- the user.

With email still a viable threat vector for cybercrime, email security solutions will remain in high demand for the foreseeable future. The email security market is being forced to adapt in order to stay relevant and combat a rapidly evolving threat landscape.

As with other security solutions, email security needs to incorporate new sets of robust features as part of a comprehensive, multi-layer defense strategy, which includes the following:

Antispam/Antimalware: A standard feature, but not to be overlooked, antimalware these days should be bolstered with threat detection and mitigation to stave off advanced attacks.

Data protection/Encryption: Data protection technologies such as encryption give the user the ability to mask data in transit on outgoing e-mails, but can also include PKI, key exchange and client software.

Reputation Protection: Reputation security allows users to identify malicious code based on its history, which, in turn, provides the ability to identify and block inbound and outbound spam and malware, while also ensuring that the domain server is not blacklisted or compromised.

Data Loss Prevention (DLP): This helps users enforce policies that prevent valuable information from leaving the organization via email, either accidentally or intentionally. That gives IT administrators the ability to block messages containing sensitive information from exiting the network or being put to unauthorized use, while providing an additional security layer that bolsters compliance with PCI DSS, HIPAA, GLB, SOX and other regulatory mandates.
