What is an email cyberattack?

It is another workday, and one of your client’s users is perusing her inbox and sees an email from the U.S. Internal Revenue Service (IRS). Her first thought is, “Why would the IRS be contacting me?” Without thinking further, she quickly opens the email, clicks on the link and BAM! The next thing she sees on her screen is a message telling her that her files have been encrypted and she must pay a ransom to get the key to decrypt them.

This is one popular example of an email cyberattack, in which email is the attack vector used to steal the user’s credentials and other sensitive or personal data so that it can be leveraged for malicious purposes. Despite the growth in more targeted attacks through other vectors, email is still the most common channel for opportunistic and targeted attacks and a significant source of data loss.

Types of email cyberthreats

Unfortunately, there are many types of email cyberthreats and it is important that every user understands what they look like, so they do not become a victim.

Spam

Spamming uses emails or text messaging to send continuous unsolicited messages to large numbers of individuals, typically for advertising purposes. Unfortunately, cybercriminals also use spam to deliver malware. Despite the use of antispam filters, some malicious spam emails evade those defenses and still get through to a user’s inbox. Once a user opens the email and clicks on a link within it, a payload is delivered, most commonly ransomware.

Email Phishing

Email phishing is a type of online scam where criminals use social engineering to entice a user to divulge personal or sensitive information, such as their social security number, bank account number, credit card number, etc. As an example, a phishing attack might look like a legitimate email for renewing your Microsoft 365 subscription, but the email contains an embedded link that takes the user to a malicious page disguised as a Microsoft 365 renewal page — the goal being to steal credentials or credit card information.   

Spear phishing and whaling attacks

Spear phishing is a form of phishing that targets a specific victim who has been researched using insider knowledge or publicly available information, such as social media. These attacks can be quite convincing, because they are highly personalized — often involving real names and roles within the company. For example, an attack might be disguised as an email from a user’s direct manager or IT department.

Another type of spear phishing – a whaling attack – targets high-ranking or high-profile victims within a company.

95% of all attacks on enterprise networks are the result of successful spear phishing.

Business Email Compromise

Business Email Compromise (BEC) refers to all types of email attacks that do not have payloads, such as URLs or attachments. Although there are numerous types of BEC attacks, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques.

Lateral phishing. Once an account has been compromised using phishing or malware, a malicious actor can leverage the account for lateral phishing. Lateral phishing happens when a cybercriminal takes over a user’s company account to phish other users inside the company.

Spoofing. Spoofing is when a cybercriminal creates a forged, look-alike email account – disguised as an account belonging to a legitimate, trusted organization or person, such as PayPal, Federal Express, Bank of America, a company’s CEO, etc. Using this account, the criminal sends an email to a target. Both the email account and a corresponding website look just like the recognized brand or individual but, in fact, they are forgeries. For example, Peter gets an email from his CEO telling him to transfer money to a vendor. The CEO and vendor are both fake entities, which the malicious actor leverages for financial gain.

Over three billion domain spoofing emails are sent per day.  
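A header triage check for the look-alike sender pattern described above, as an added example that is not part of the original article or of any Acronis product. The trusted domains, the protected executive name and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: domains the organization trusts, and the
# domain each protected person really sends from.
TRUSTED_DOMAINS = ["example.com", "paypal.com"]
PROTECTED_NAMES = {"dana reyes": "example.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_findings(raw_message):
    """Return the spoofing indicators found in one message's headers."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].strip().lower()
    domain = domain_of(msg.get("From"))
    findings = []
    if domain not in TRUSTED_DOMAINS:
        # One or two character edits away from a trusted domain: look-alike.
        findings += [f"lookalike-domain:{t}" for t in TRUSTED_DOMAINS
                     if edit_distance(domain, t) <= 2]
    expected = PROTECTED_NAMES.get(display)
    if expected and domain != expected:
        findings.append("display-name-impersonation")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages (only the headers matter here).
SAMPLES = [
    'From: "Dana Reyes" <dana.reyes@examp1e.com>\nSubject: Urgent vendor transfer\n\nPlease wire today.',
    'From: "Dana Reyes" <dana.reyes@example.com>\nSubject: Q3 planning\n\nAgenda attached.',
    'From: PayPal Service <service@paypal.com>\nReply-To: billing@paypa1-support.net\nSubject: Invoice\n\nSee details.',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(spoofing_findings(raw))
```

Header checks like these complement, and do not replace, SPF, DKIM and DMARC enforcement, which authenticate the sending domain itself.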

Zero-day attacks

Zero-day exploits refer to attacks that exploit a software vulnerability that is not yet known to the software provider. A patch to fix the vulnerability is unavailable and security administrators have “zero days” to eliminate it. Eventually, all vulnerabilities become known and security patches can remediate the risk they pose, but this process may take months or even years. Zero-day exploits pose a significant threat to businesses, as they are difficult to detect and they use various evasion techniques to elude standard detection technologies that rely on known data and behaviors.

Acronis Cyber Protect Cloud provides the cloud email security that you need

Acronis Cyber Protect Cloud minimizes cyber risks and protects your clients’ email data and collaboration applications. It is a single solution that integrates best-of-breed backup and recovery, next-generation anti-malware focused on ransomware and zero-days, and cyber protection management. To provide email security, Acronis Cyber Protect Cloud includes:

  • Backup and recovery to protect your email data and ensure no data loss
  • Acronis Active Protection to proactively stop cyberthreats across workloads, including ransomware and zero-day attacks
  • Vulnerability assessments and patch management functions to help you identify vulnerabilities before patching and prioritize patch management based on criticality
  • Data loss prevention (DLP) with device control for your business’ endpoints to minimize insider threats, gain visibility into data protection, and enforce process compliance.

By adding Acronis’ Advanced Management pack, you can prioritize patching for collaboration applications, and the Advanced Security pack helps you protect those collaboration applications against exploitation.

With the flip of a switch, the Advanced Email Security pack, which is based on Perception Point’s platform, extends Acronis Cyber Protect Cloud’s capabilities to block any email-borne threats, including spam, phishing, BEC, advanced persistent threats (APTs) and zero-day attacks, in seconds, before they reach end users. The Advanced Email Security pack includes:

  • Anti-evasion technology that detects hidden malicious content by recursively unpacking embedded files and URLs and separately running them in multiple versions with patterns analyzed by dynamic and static detection engines
  • Phishing and anti-spoofing engines to stop phishing attempts with threat intelligence from market-leading sources in combination with best-in-class signature-based technologies, URL reputation engines, and unique image-recognition algorithms for real-time analysis
  • Next-generation dynamic scan to prevent advanced attacks that evade conventional defenses, such as zero-days and APTs, with a unique CPU-level technology that acts earlier in the attack chain to detect exploitation techniques
  • 100% scanning of inbound and internal emails to analyze all content, including files and URLs
  • Direct access to cyber analysts and email security experts that monitor all customer traffic and analyze malicious intents with ongoing reporting and 24/7 support, including handling false positives and remediating and releasing as required
  • X-ray insights that provide a holistic view of the threat landscape across any organization with forensics data for each email, proactive insights on threats seen in the wild, and analysis of any file or URL the Security Operations Center (SOC) team needs forensics on.
  • Fast cloud-native deployment (e.g., within a few minutes), which integrates the solution directly into the email system without the need for additional configurations.

With Acronis Advanced Email Security pack, you can replace the complex security stack of anti-viruses, sandboxes, and content disarm and reconstruction technologies (CDRs) with a single, multi-layered solution for lightning-fast detection that is easy to deploy and manage.   

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.