With turmoil growing in the global political climate, cyber-attacks are on the rise. Just today, Ukraine announced that several government organizations and banks were the victims of Distributed Denial of Service (DDoS) attacks. The defense, foreign, and interior ministries, as well as the country's largest commercial bank, Privatbank, were all subject to attacks (Source: BBC).
Although new risks to networks and infrastructure are continually emerging, there are best practices that organizations can follow to mitigate cyberattacks.
One of the first steps that organizations should take to combat cyberattacks is to create and instill policies against email phishing attacks. Simply put, email phishing is a type of attack that hackers use to trick victims into handing over their sensitive information or installing malware onto their systems via an email message. A phishing email will appear as if it is coming from a trusted source and will entice you to click on a link or open an attachment that contains malicious executable code that can compromise a computer system.
A recent study on the Verizon Data Breach Report 2021 shows that phishing attacks make up 36% of network breaches and that 95% of business email compromise losses were between $250 and $980,000. The numbers show how effective email phishing can be for an attacker. So what can a company, organization, or government entity do to mitigate these types of attacks?
Increase end-user awareness
By increasing end-user awareness of email phishing, a company can help mitigate phishing attacks that lead to either a network breach or the release of important PII. Some basic tips to increase awareness among users on the network are to:
Check the domain name of the email (the part after the @ symbol). Did the email come from a well-known or trusted domain?
Many phishing emails can be identified just from the domain name itself.
Look at what the email is asking for or the message the email is trying to relay. Use your head and think. Most companies will never ask for your credentials within an email.
Look for grammatical errors within the email.
NEVER click a link or open a file that is attached to an email that you are unsure about.
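The domain check from the first tip can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it goes slightly beyond the tip by also flagging lookalike domains, punycode labels, and a mismatched Reply-To. The trusted-domain list, function names, and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization expects mail from (constructed list).
TRUSTED_DOMAINS = ("example.com", "example.org")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (typosquatted) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(header_value):
    """Domain of the real address in a header (display name ignored), or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify_sender(raw_message):
    """Return (verdict, findings); verdict is trusted, unknown or suspicious."""
    msg = message_from_string(raw_message)
    domain = sender_domain(msg.get("From"))
    if not domain:
        return "suspicious", ["no parseable From domain"]
    findings = []
    if any(label.startswith("xn--") for label in domain.split(".")):
        findings.append("punycode (IDN) label in domain")
    trusted = any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)
    if not trusted:  # close to a trusted name, but not equal to it
        findings += [f"lookalike of {t}" for t in TRUSTED_DOMAINS if edit_distance(domain, t) <= 2]
    reply_to = sender_domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain:  # a signal for review, not proof
        findings.append(f"Reply-To domain differs: {reply_to}")
    if findings:
        return "suspicious", findings
    return ("trusted" if trusted else "unknown"), findings

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "legit": "From: Payroll <payroll@example.com>\nSubject: Payslip\n\nbody",
    "typo": "From: IT Support <helpdesk@examp1e.com>\nSubject: Password expiry\n\nbody",
    "reply": "From: CEO <ceo@example.com>\nReply-To: ceo@mail-example.test\nSubject: Urgent\n\nbody",
    "unknown": "From: News <news@newsletter.test>\nSubject: Weekly\n\nbody",
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_sender(raw))
```

The From header can be forged, so a match on a trusted domain is not proof of where the message came from; treat the result as one signal among several.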
Surely, end-user awareness shouldn't be an organization's only line of defense. Let's be honest, hackers are constantly becoming more creative and finding new ways to trick end-users.
Advanced Email Threat Protection
Another method of email protection is called Advanced Email Threat Protection (ATP), which can be utilized by organizations using Microsoft Defender for Office 365. ATP is an email filtering service used to help mitigate malware and virus infiltration. It can block threats before they ever reach end-user mailboxes. This protection service is built into Microsoft Exchange Online Protection (EOP).
The next layer of email protection that an organization can implement to help mitigate malicious attacks using email phishing is a method called Sandboxing or Email Detonating.
Sandboxing is a process in which, after an email is checked for threats (attachments, malicious URLs, blocked domains, etc.) by Microsoft Office 365 EOP, the email goes through a virtual environment (sandbox) that is separated from the organization's network. The sandbox then executes (detonates) any suspicious files, URLs, or attachments within the email to record and log the outcome. If the sandbox detects malicious intent within the email, actions can be taken to quarantine that email message and prevent it from ever reaching the end-user inbox.
Sandboxing is incredibly useful in preventing zero-day threats, which are new cyber threats that have yet to be discovered and recorded. Because zero-day threats are new and yet to be seen, they do not appear in any of the repositories of malicious signatures that anti-malware protections consult to check whether a file or URL is malicious.