As you may know, computer viruses and malware describe a host of constantly evolving malicious software determined to compromise your email security, disrupt company operations and steal your sensitive information.

“Due to the common practice of using email as an easy common denominator for electronic communication between business employees, the threat that email presents will not go away anytime soon. The solutions we offer related to email security are never absolute, but they are adaptive, and that is the most important thing to consider when addressing this threat. As soon as an email protection technique is understood, the massive community of truly malicious and less-malicious spammers find a workaround, which is one reason why effective email filtering must be adaptive.” – Richard Pressler, CTO AllConnected

Cybercriminals exploit the Windows Update process too, creating notifications that spoof Windows Update and trick you into downloading the latest phishing exploits. They develop schemes to deliver malware (like Clop ransomware) that disables multiple Windows 10 applications, including Windows Defender and Microsoft Security Essentials.

And as we discussed in our previous posts, the COVID-19 pandemic has provided a unique opportunity for hackers to impersonate legitimate agencies and news sources to email malware to remote victims.

If infected, you might have your data hijacked and held for ransom. Or your PC might slow down, your applications fail, and/or your identity might be stolen and exploited by cybercriminals in ways you never hear about.

Last year, Kaspersky Antivirus identified over 24 MILLION “unique malicious objects,” impacting roughly 20% of internet users, with a larger focus on businesses. CSO indicated that 94% of malware is delivered via email, and the resulting data breaches cost enterprises an average of $3.92 million.

We can all do more to secure our email, individually, and as organizations.

10 Tips to Prevent Malware in Your Email and Internet

On an individual level, the following are recommended as part of an ongoing Zero Trust policy:

Set New Email Rules: Create a rule to flag emails where the “Reply-To” address differs from the “From” address. Set a rule to flag trusted company emails so fraudulent ones stand out.
Color Code Emails: Select one color for all inbound employee/internal emails and another for non-employee/external emails.
Encrypt: Use encryption for all sensitive and confidential email communications.
Harden Your Browser: Use an anti-phishing tool offered by your web browser or a third party to alert you to risks.
Implement Ad Blocking: Malware is often delivered through “malvertisements,” even on legitimate sites.
Caution with Links: Don’t visit questionable websites (porn, BitTorrent, piracy sites, hacker forums, etc.).
Caution with Mobile Apps: Don’t download mobile apps from untrusted sources.
Don’t Over-Share: Don’t share your upcoming travel dates and itinerary on social media.
Tag External Emails: Append a note to all incoming emails from outside the organization so internal users see “This message was received from outside the Organization.”
Create Strong Passwords: Refresh them periodically. This is especially important to prevent credential stuffing (also called password stuffing). Read more about how 500,000 Zoom passwords were recently discovered using this technique.
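Two of the tips above (flagging a “Reply-To” that differs from “From”, and tagging mail from outside the organization) are simple header checks. The script below is an added illustration, not AllConnected’s or any vendor’s code; it assumes a placeholder internal domain of example.com and uses constructed sample messages.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed values for this example: the organization's own mail domain
# (placeholder) and the banner text quoted in the tips list above.
INTERNAL_DOMAIN = "example.com"
EXTERNAL_BANNER = "This message was received from outside the Organization."


def first_address(header_value):
    """Lower-cased address part of a header such as From or Reply-To ('' if absent)."""
    return parseaddr(header_value or "")[1].lower()


def classify(raw_message):
    """Apply the Reply-To mismatch rule and the external-sender tag to one message.

    Returns a dict with:
      reply_to_mismatch: Reply-To is present and differs from the From address
      external:          the From address is not in INTERNAL_DOMAIN
      banner:            text to prepend for external mail, '' otherwise
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = first_address(msg.get("From"))
    reply_to = first_address(msg.get("Reply-To"))
    mismatch = bool(reply_to) and reply_to != sender
    # A missing or malformed From yields an empty domain, which is treated as external.
    external = sender.rpartition("@")[2] != INTERNAL_DOMAIN
    return {"reply_to_mismatch": mismatch, "external": external,
            "banner": EXTERNAL_BANNER if external else ""}


# Constructed sample messages (not real mail). The first looks internal in its
# From header but steers replies to an unrelated domain, which the rule flags.
SPOOFED_REPLY_TO = (
    'From: "Payroll" <payroll@example.com>\n'
    "Reply-To: payroll-update@mailer.example.net\n"
    "Subject: Updated direct deposit form\n\n"
    "Please reply with your bank details.\n")
INTERNAL_OK = "From: it-helpdesk@example.com\nSubject: Patch window\n\nTonight.\n"
EXTERNAL_VENDOR = "From: billing@vendor.example.org\nSubject: Invoice\n\nAttached.\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED_REPLY_TO), ("internal", INTERNAL_OK),
                      ("external", EXTERNAL_VENDOR)]:
        print(name, classify(raw))
```

Mailing lists and ticketing systems legitimately set a different Reply-To, so the mismatch flag is a prompt for the reader to look closer rather than a verdict.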

Add Advanced Protections for Your Organization

To secure your Organization from ongoing threats, AllConnected provides a variety of email security services and processes to prevent data breaches. We recommend a multilayered approach that includes Cisco Umbrella to block DNS requests for websites that are distributing malware payloads, including sites that are only online for a few days or hours.

For Email security, we recommend solutions that include Advanced Threat Protection.

What is Advanced Threat Protection?

Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks meant to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS.

Available as software or as a managed service, ATP takes a proactive approach to security by identifying and eliminating advanced threats before data is compromised.

Any ATP solution should involve:

Stopping or preventing the attack in the first place through advanced AI detection;
Breaking the attack chain or life cycle by understanding the extent of the incident and how to rectify and avoid similar issues in the future;
Disrupting and countering the subsequent attack activity: preventing malware from disarming systems or exfiltrating data.

Option 1: Office 365 Advanced Threat Protection (ATP)

For Office 365 environments, one option is Office 365 Advanced Threat Protection (ATP), which encompasses the following:

ATP Safe Attachments: protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system. All messages and attachments that don’t have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.

ATP Safe Links: proactively protects your users from malicious URLs in a message or in an Office document. Protection is applied every time the link is selected: malicious links are blocked dynamically at click time, while good links remain accessible.

ATP for SharePoint, OneDrive, and Microsoft Teams detects and blocks files that are identified as malicious in team sites and document libraries. In addition, ATP Safe Links protection is now available in Microsoft Teams channels and chats.

ATP anti-phishing: checks incoming messages for indicators that a message might be a phishing attempt. When users are covered by ATP policies (Safe Attachments, Safe Links, or anti-phishing), incoming messages are evaluated by multiple machine learning models that analyze messages and the appropriate action is taken, based on the configured policies.


Option 2: Barracuda Advanced Threat Protection (ATP)

Barracuda Advanced Threat Protection is a multi-layered, cloud-based service that analyzes traffic across all of the major threat vectors:

Email
Web Browsing
Web Applications
Remote Users
Mobile Devices
Network Perimeter

Barracuda ATP leverages the most up-to-date global threat intelligence network along with advanced machine learning techniques to stay ahead of ever-evolving malware.

AllConnected uses the Barracuda Email Security Gateway as part of our SmartConnect Managed Service. It is a cloud-connected email security appliance that manages and filters all email traffic to protect organizations from email-borne threats and data leaks. It also lets organizations encrypt messages and spool email in the cloud when a mail server becomes unavailable.

Barracuda Advanced Threat Layers

Layer 1: Advanced Threat Signatures
Barracuda maintains a massive database of known threat signatures that is used to detect and block any known threat. Whenever a new threat is identified, its signature is immediately added to the database and shared across all of Barracuda’s security products and subscribers in real time.

Layer 2: Behavioral and Heuristic Analysis
Any email or data that is not blocked at Layer 1 is then subjected to behavioral and heuristic analysis at Layer 2. In this layer, questionable code and scripts are analyzed in a controlled environment. This layer looks for suspicious activities such as replication, file overwrites, and obfuscation attempts.

Layer 3: Static Code Analysis
Static code analysis examines parts of any executable file to find questionable code without actually executing the code. This layer is a fast and highly effective method of pre-filtering malware before sending questionable files on to the final, sandboxing layer.

Layer 4: CPU-Emulation Sandboxing
The final layer of analysis is a comprehensive CPU emulation-based sandbox that detonates any suspect files that have survived the previous layers. By using CPU emulation, Barracuda Advanced Threat Protection can detect threats that are designed to evade traditional virtualization-based sandboxes.

Conclusion

While not every solution fits every situation, AllConnected works in a variety of environments to provide your organization with an improved security framework, resilient infrastructure, data protection and recovery solutions that are comprehensive, affordable, and scalable.

If you’d like to learn more about how we prevent and mitigate malware, please schedule a no cost consultation with one of our technical professionals: