Email Security Blog

Addressing Sophisticated Email Attacks

Markus Jakobsson November 8, 2016 Government Secure Email

Just ten years ago, Internet security abuses were almost synonymous with small-time crime, e.g., poorly spelled email messages used in attempts to steal banking credentials. The threat is very different these days.

Starting in 2007, nation-states began using cyberattacks to accomplish political goals. In the first high-profile case, prompted by political tensions between Estonia and Russia, a series of cyberattacks took down the Internet in Estonia, including the systems of the Estonian parliament, banks and news organizations. Georgia suffered similar attacks just one year later. In December 2015, in the middle of armed conflict between Ukraine and Russia, politically motivated hackers took down a large portion of the Ukrainian power grid. Stuxnet is another example of a politically motivated cyberattack. Constructed by U.S. and Israeli forces with the goal of sabotaging Iran's nuclear program by corrupting SCADA and PLC systems, it was one of the first known covert cyberattacks.

While early politically motivated cyberattacks focused on destruction (whether of the Internet, the power grid or uranium centrifuges), a more recent breed of politically motivated attacks has instead aimed at the extraction of sensitive information. This is the likely motive behind the 2016 ransomware attacks mounted on members of the U.S. Congress, and beyond doubt the reason for the 2014 attack on the Office of Personnel Management and the 2016 attack on the Democratic National Committee (DNC). Another form of extraction-based attack targets funds instead of information; an example of this is the 2016 series of attacks on the SWIFT infrastructure, epitomized by the heist on Bangladesh Bank. This attack straddled the fence between politics and profit by transferring massive amounts of funds to a politically ostracized regime.

Whether we are considering attacks aiming for destruction or extraction, it is indisputable that the sophistication of attacks has shot through the roof as groups sponsored by nation-states have entered the playing field; at the same time, however, the principal attack vectors have remained the same. Namely, all the attacks described above involved malware, and most leveraged social engineering to create deceptive emails, commonly for delivering Trojans and sometimes for stealing credentials.

Over the coming weeks, I'll be publishing a series of blog posts that explore the use of email as an attack vector in more detail. Don't forget to subscribe (in the top right-hand corner of this web page) to find out when my next post is published.
