The Email Security Paradigm Shift: From Prevention to Deception

    The concept of Cyber Security has undergone a significant transformation. In the past, we placed our trust in Firewalls, URL filters, or Endpoint Detection and Response (EDR) solutions, but today, these measures are entirely insufficient. If we once believed that we had done everything to prevent an attacker from entering our network, the current assumption is that the attacker is already inside the network, and damage is only a matter of time.

    Most attacks begin through the organization’s main communication channel – email – using techniques such as Business Email Compromise (BEC), Email Account Compromise (EAC), and Phishing to steal the end user’s username and password. Such an attack can lead to a breach of the organization’s resources and, from there, to Lateral Movement, i.e., moving within the organizational network. This movement is typically facilitated through Service Accounts, Shadow Admin Accounts, Cached Credentials, RDP sessions, and similar footholds, with the ultimate goal of reaching highly sought-after servers such as Active Directory domain controllers or the organizational file server and either exfiltrating the data to external sources or encrypting it.

    Today, most organizations utilize Email Security solutions (spam filters) and Data Loss Prevention (DLP) solutions aimed at preventing these attacks and thwarting the exfiltration of data. However, as mentioned at the beginning, the current assumption is that the attacker is already in your environment, and the task now is to find them. Proofpoint addresses this issue with its ITDR (Identity Threat Detection and Response) solution.

    The first step involves removing the Shadow Admin Accounts, Cached Credentials, and RDP sessions that allow an attacker to move within the network, thereby reducing the attack surface. The next step is to plant deceptions at various points across the network, workstations, and servers:

    • Fake files and file shares
    • Database connections
    • FTP/RDP/SSH connections
    • Browser histories and URLs
    • Windows credentials
    • Network sessions
    • Emails
    • Scripts

    These deceptions are visible only to the attacker and not to the end-user, so no legitimate activity ever touches them; any interaction with them is therefore a genuine security event rather than a false positive!
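The detection logic that follows from this is simple because there is no legitimate-use baseline to learn: a planted decoy value should never appear in a real logon, file access, or web request. The example below is added here to illustrate that principle; it is not Proofpoint’s code, and the decoy inventory, log format, and host names are all constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed inventory of planted deceptions (hypothetical values, not a real
# environment). Each kind matches one of the artifact types listed above.
DECOYS = {
    "credential": {"svc_backup_old", "admin_legacy"},
    "file_share": {r"\\fs01\finance_archive$", r"\\fs01\hr_backup$"},
    "url": {"https://intranet.example.test/vpn-legacy"},
}

@dataclass(frozen=True)
class Alert:
    kind: str   # which decoy type was touched
    value: str  # the decoy value that appeared in the log
    host: str   # the host that touched it
    line: str   # the raw log line, kept for the analyst

# Constructed, simplified event format: "<host> <EVENT> <field>=<value>".
LOGON_RE = re.compile(r"^(?P<host>\S+) LOGON user=(?P<user>\S+)")
FILE_RE = re.compile(r"^(?P<host>\S+) FILE_ACCESS path=(?P<path>\S+)")
URL_RE = re.compile(r"^(?P<host>\S+) HTTP url=(?P<url>\S+)")

# Lower-cased lookup sets so matching is case-insensitive (Windows names are).
_LOOKUP = {kind: {v.lower() for v in vals} for kind, vals in DECOYS.items()}

def check_line(line: str) -> Optional[Alert]:
    """Return an Alert if the event references a planted decoy, else None."""
    for kind, regex, field in (
        ("credential", LOGON_RE, "user"),
        ("file_share", FILE_RE, "path"),
        ("url", URL_RE, "url"),
    ):
        m = regex.match(line)
        if m and m.group(field).lower() in _LOOKUP[kind]:
            return Alert(kind, m.group(field), m.group("host"), line)
    return None

def scan(lines: Iterable[str]) -> List[Alert]:
    """Run every line through check_line; each hit is a high-confidence alert."""
    return [a for a in (check_line(l) for l in lines) if a is not None]

# Constructed sample log: two benign events, then one touch of each decoy kind.
SAMPLE_LOG = [
    "WS-042 LOGON user=jsmith",
    "WS-042 FILE_ACCESS path=\\\\fs01\\projects",
    "WS-042 LOGON user=svc_backup_old",
    "SRV-DB01 FILE_ACCESS path=\\\\fs01\\finance_archive$",
    "WS-017 HTTP url=https://intranet.example.test/vpn-legacy",
]
```

Running `scan(SAMPLE_LOG)` yields three alerts, one per decoy kind, and nothing for the two ordinary events.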

    Interested in learning more? We would be delighted to hear from you and arrange a meeting on the subject.

    What’s BEC?

    Business Email Compromise (BEC) is a sophisticated scam targeting businesses by exploiting email communications to facilitate fraudulent activities, primarily financial fraud. This cyber threat involves attackers impersonating executives, employees, or business partners in carefully crafted email messages. The goal is often to trick the recipient into making unauthorized wire transfers or divulging sensitive information. BEC scams are known for their lack of malicious attachments or links, making them particularly challenging to detect with traditional email security measures. Instead, they rely on social engineering tactics, leveraging detailed research and manipulation to appear as legitimate requests. As a result, BEC poses a significant risk to organizations, leading to substantial financial losses and compromising the integrity of business operations.

    What’s EAC?

    Email Account Compromise (EAC) is a form of cyber attack where attackers gain unauthorized access to an individual’s email account to carry out malicious activities. This cyber threat is closely related to Business Email Compromise (BEC), but specifically involves the breach of personal or corporate email accounts. Attackers typically use phishing techniques, exploiting weak or stolen credentials to infiltrate the account. Once access is gained, they can monitor email communications to launch targeted attacks, initiate fraudulent transactions, or further propagate the compromise through the victim’s contact list. EAC poses a severe threat as it allows attackers to impersonate the account owner, conduct financial fraud, and extract sensitive information, thereby undermining personal security and corporate integrity.

    What’s Phishing?

    Phishing is a cyber attack method that employs deceptive emails, messages, or websites to trick individuals into disclosing personal information, such as passwords, credit card numbers, or social security numbers. These fraudulent communications are designed to mimic legitimate sources, often appearing to come from well-known organizations or contacts, in order to gain the trust of the victim. Phishing attacks may prompt users to enter sensitive information on a fake website, or encourage them to download attachments that install malware on their device. The ultimate goal of phishing is to exploit the stolen information for financial gain, identity theft, or to gain unauthorized access to secure systems. Due to its reliance on social engineering techniques, phishing remains one of the most prevalent and effective cyber threats today, emphasizing the need for individuals and organizations to remain vigilant and informed about cyber security practices.
