Prevent Spear Phishing Attacks With Improved Email Security

By Mike Spykerman, VP at OPSWAT

Most hacks and data breaches start with a spear phishing attack that installs malware onto the system and then provides an entry point for hackers. Recent high profile data breaches, including those suffered by Target, Anthem, Sony and even the White House, all started with a spear phishing attack. A spear phishing attack is a carefully crafted email targeted at specific individuals within an organisation that is engineered to look legitimate and fool even the most tech-savvy users. The email will usually have a malicious attachment or link that installs malware in order to attempt to gain system access.

Why are these spear phishing attacks so successful, time and time again? Why are large organisations unable to protect themselves against these attacks? The reason is because the attackers are highly skilled at crafting legitimate looking emails that are only sent to a small number of individuals, and are therefore not detected by regular spam filters. Also, many spear phishing attacks make use of unknown threats or zero-day vulnerabilities that not all anti-malware engines will be able to detect.

Beef Up Your Email Security

To protect against spear phishing attacks, companies must improve their email security defences so that more spear phishing emails will be detected and stopped. Traditional email security products are typically not equipped to detect and block spear phishing attacks. Most spam filtering products rely on prior detection and black lists in order to flag an email as spam. Since spear phishing emails are sent to only a small number of recipients, and sometimes use hacked email accounts, it is nearly impossible for an automated spam filter to distinguish these emails from legitimate ones. Using only one anti-malware engine to check for email threats will not provide enough protection against spear phishing attacks, since they often use unknown malware or try to bypass specific engines. Therefore, a more advanced approach is needed. Below are three methods that will greatly strengthen your email security defences against spear phishing:

#1 – Use Multi Anti-Malware Scanning:
Through the use of multi-scanning with multiple anti-malware engines, malware detection rates are significantly increased. Multi-scanning leverages the power of the different detection algorithms and heuristics of multiple engines, therefore increasing detection of both known and unknown threats, as well as protecting against attacks designed to circumvent particular antivirus engines. In addition, since anti-malware vendors address different threats at different times, using multiple scan engines will help detect new outbreaks much faster. It is important to distinguish between multi-scanning and simply using multiple antivirus engines. When using multi-scanning technology, performance is greatly enhanced and potential conflicts between different engines are avoided.

#2 – Sanitize Email Attachments:
As a precautionary measure, it is highly recommended to change the format of incoming email attachments in order to remove any possible embedded threats that may go undetected by antivirus engines. Many spear phishing emails include malicious Word or PDF attachments. By changing the format of a Word document to PDF and vice versa, scripts and other possible threats are automatically removed.

#3 – Limit Email Attachment Types: 
By blocking potentially dangerous email attachment types such as .exe files and scripts, it is more difficult for malware to spread. It is also important to verify the attachment file type, so that .exe files that are renamed as .txt files do not get through the company’s filters.

In addition to improving your email security measures, you must also make sure that your employees are aware of possible spear phishing attacks. A warned employee might be able to spot that something is out of the ordinary. Finally, if you make sure that your data is segregated and encrypted, even if the attackers get an employee to click on a malicious email attachment, data encryption, and segregation can ensure that your data is still safe, regardless of the intrusion.