Ransomware Attacks Are Here to Stay

Following the highly publicized (and successful) $4M+ ransom of Colonial Pipeline, attacks like these will only get more popular. Indeed this week, the New York Times reported “Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business.”

These attacks are here to stay. Are you ready?

SEGs are not enough

Despite investing a record $3B in Secure Email Gateways (SEGs) in 2019, US companies still lost $1.7B to phishing.

That’s because SEGs scan incoming messages once, by referencing a database of known threats. Many SEGS, such as Microsoft Defender, have a feature called Microsoft Safe Links, which adds add time-of-Click Protection (URL re-writing). This gives users a second chance to catch phishing threats as they click links in message bodies. This measure still relies on databases of known threats and attackers easily defeat it by simply putting the URLs in attachments or other basic evasion technique.

Meanwhile:

• Spear phishing and Business Email Compromise (BEC) attacks don’t contain URLs or attachments, so they appear harmless to the SEG.
• Cousin domains are used to obfuscate URLs.
• Attackers serve up local versions of a spoofed site, so the domain looks legitimate.
• Trustworthy form-builder services like Microsoft forms, Google forms, Typeform, 123formbuilder and Native forms are leveraged.
• And attackers are constantly iterating and launching new threats.

Once the tainted email has evaded the SEG, the user is your only line of defense.

Time to layer Inbox Detection and Response on top of SEGs

Inbox Security is a new technology – advanced algorithms continually monitors the user’s entire mailbox, finding phishing emails, tagging them, and cleaning up all affected mailboxes so users can’t engage with the threats. Without disrupting the user.

Cyren Inbox Security was built to safeguard each and every Microsoft 365 mailbox in your organization. It is a continuous and automated layer of security that: