Email Security Blog

Addressing Sophisticated Email Attacks

Markus Jakobsson November 8th, 2016 Government Secure Email

Just ten years ago, Internet security abuses were almost synonymous with small-time crime, e.g., poorly spelled email messages used in attempts to steal banking credentials. The threat is very different these days.

Starting in 2007, nation states started using cyberattacks to accomplish political goals. In the first high-profile case, prompted by political tensions between Estonia and Russia, a series of cyberattacks took down internet services in Estonia, including those of the Estonian parliament, banks and news organizations. Georgia suffered similar attacks just one year later. In December 2015, in the middle of armed conflict between Ukraine and Russia, politically motivated hackers took down a large portion of the Ukrainian power grid. Stuxnet is another example of a politically motivated cyberattack. Constructed by U.S. and Israeli forces with the goal of sabotaging Iran’s nuclear program by corrupting SCADA and PLC systems, it was one of the first known covert cyberattacks.

While early politically motivated cyberattacks focused on destruction – whether of the internet, the power grid or uranium centrifuges – a more recent breed of politically motivated attacks has instead aimed at extraction of sensitive information. This is the likely motive behind the 2016 ransomware attacks mounted on members of the U.S. Congress, and beyond doubt the reason for the 2014 attack on the Office of Personnel Management and the 2016 attack on the Democratic National Committee (DNC). Another form of extraction attack targets funds instead of information; an example of this is the 2016 series of attacks on the SWIFT infrastructure, epitomized by the heist on Bangladesh Bank. That attack straddled the fence between politics and profit by transferring massive amounts of funds to a politically ostracized regime.

Whether we are considering attacks aiming for destruction or extraction, it is indisputable that the sophistication of attacks has shot through the roof as groups sponsored by nation states have entered the playing field; at the same time, however, the principal attack vectors have remained the same. Namely, all the attacks described above involved malware, and most leveraged social engineering to create deceptive emails, commonly for delivering Trojans and sometimes for stealing credentials.

Over the coming weeks, I’ll be publishing a series of blog posts that explore the use of email as an attack vector in more detail. Don’t forget to subscribe (in the top right-hand corner of this web page) to find out when my next blog post is published.
