Email Systems Security Threats

email phishing security cyber security cybergate your security partner

Email Systems Security Threats


4 top Cyber threats for your E-mail system

The origin of computer-based mail, today known as e-mail or email, dates back to the early 1960s. Emails nowadays are used as a marketing tool, a notification and alerting medium and a fast channel via which individuals and organisations communicate. E-mail usage is predicted to experience an annual growth of 2-3% from 2018 to 2023 according to Statista. Reputable global marketing agencies estimate that around 45% of businesses are expected to spend more money on email marketing in the years to come!

More than 300 billion emails were sent and received per day during 2020. (Statista.com)

99% of email users check their mailbox at least once a day – and in total there are 3.9 billion active email users globally according to the technology market research firm Radicati Group.

Below we explore the top four email systems cyber threats.

Spoofing and Phishing

Cyber criminals use spoofing techniques to send an email pretending to be someone the receiver knows. Relatively easy to carry out but extremely hard to trace the real sender. Phishing is another dangerous and common method used by black hat hackers to trick users to execute an action such as granting access to confidential data, sending credentials, sending of funds into a specific bank account or simply clicking a link to take the user to a malicious website. Users need to be made aware of these deceiving emails, the risks and what to do in case they receive such a socially engineered email (from a trusted email address).

Anti-phishing solutions are generally not enough; awareness training backed by phishing simulations are of utmost importance to keep safe.

Spam

This is when an unsolicited email is received. When received in bulk, such messages disrupt user productivity, use up excessive IT resources and can be a vehicle for malware.

Ransomware

When one of the users inside an organisation gets infected, a ransom fee is asked for all the data that was encrypted by the cyber criminals, to be released. Scanners and filters are recommended to be implemented to detect and subsequently prevent specific behaviours leading to ransomware. A recent trend shows that even in scenarios where the company can reinstate a clean backup, black hat hackers ask for ransom fees (usually in Bitcoin) not to leak the data they got their hands on. Always take frequent backups, test for their integrity and secure them in a separate location, either physically or on a cloud storage provider.

Malware

Increasingly, attackers are using emails to deliver a range of email attachments to reach end users with the aim of taking over one’s computer and/or the whole network system. It is recommended that all files are to be scanned, analysed and cleared by antivirus software and more sophisticated behaviour analysis services. These malicious softwares include trojan horses, spyware, worms and viruses. Hackers exploit them to gain access to sensitive data, monitor users’ activities, change settings, steal confidential records and perform other malicious actions.

Cybergate can help with the following: Cyber awareness training, Phishing as a service and penetration testing to ensure your email system is configured securely and does not contain any vulnerabilities. An investment in the latter can help you prevent: data loss, client-side attacks due to misconfigured or outdated email systems and employees’ actions that can lead to ransomware infections, file format exploits (malware) and socially engineered attacks.

As a best practice, to avoid business email compromise, always configure and protect your emailing system, analyse log Files, Back up Data Frequently, keep up-to-date scanners and spam filters to protect against Malware and perform periodic security testing.

    We are here to help




    Francesco Mifsud
    [email protected]

    I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering & exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training & workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.