Defeating email security threats: Essential tips to protect your client's inbox 2024

AI-powered phishing and business email compromise (BEC) attacks are gaining notoriety worldwide and have gotten exponentially more sophisticated in recent years. Phishing emails are indecipherable from legitimate messages and criminals do not need to go to great lengths to create personalized content that deceives recipients. Unquestionably, it is difficult to keep employees and business leaders secure from nefarious content, and this challenge also spans to files and documents shared in collaboration applications that are prevalent targets of phishing attacks. 

According to a recent Perception Point report, 65% of attacks target Microsoft 365 applications such as Outlook, OneDrive, SharePoint and Teams. With threat actors eyeing popular productivity applications, mitigating the risk of human error is doubly critical to countering email-borne and content-based threats. Because most breaches can be traced back to human error, MSPs are shedding light on the importance of reducing human factors contributing to email compromise and collaboration app phishing with advanced email protection measures. 

Smart email security is the newest protection advancement to gain traction because of its proactive stance against sophisticated threats. These solutions are table stakes to fully protect MSP clients and minimize risk at the end-user level. Alongside traditional security awareness best practices, MSP leaders should recognize the benefits of the latest email security technologies that will help clients stay ahead of the curve and prevent attacks on your IT service’s watch.  

According to the Verizon Data Breach Investigations report, 68% of breaches involved non-malicious human factors. Phishing and BEC attacks have long been the culprit behind the most infamous email attacks. Adversaries are outwitting recipients faster than MSP can respond. The pressure rides on MSPs to prevent and stop such attacks; however, doing so presents complex challenges. 

Cybercriminals have turned to AI-powered email attacks for three main reasons: they require minimal investment, time and skill. There are endless use cases for cybercriminals abusing AI, including rapidly composing malware, drafting tailored phishing emails and automating activities in the attack chain AI has become a prime tool. Threat actors are not only bombarding inboxes and better disguising malicious emails by making them more convincing, but also using sophisticated phishing methods to bypass recipients and legacy email security solutions. This allows them to embed malware more deeply into files — and further evade conventional email protection. 

Cyberattackers also abuse collaboration applications, including Microsoft 365 and Google Workspace. In collaboration app phishing, threat actors recognize that these third-party tools are typically insecure and capitalize on businesses lacking productivity app-centric security. These are cross-channel attacks that target IT environments beyond Microsoft Outlook, Gmail and email tools. Critical applications used to share data-rich files and documents are being abused. When infected assets are shared between employees, stakeholders inadvertently spread malware — thus, the attackers require fewer resources to carry out lateral movement. 

To prevent attacks, effective protection boils down to MSPs and clients truly understanding how cybercriminals evade conventional email security and phishing awareness techniques. By examining current attack trends, MSPs and businesses can better align security against emerging adversarial activities. 

In one of the latest phishing attacks, StrelaStealer malware impacted over a hundred American and European organizations. The campaign targeted email account credentials from Outlook and Thunderbird. This was an unprecedented attack and the one of the first StrelaStealer incidents to target English-speaking users. Previously, the malware group was known for targeting the email accounts of Spanish-speaking users. The victims of the latest attack included professionals in technology, finance, legal services, manufacturing and government spaces. 

StrelaStealer employed various tactics to steal email account credentials with a new method unlike the ones used in their 2022 attacks. In these previous attacks, the telltale sign of the malware was that it used polyglotism to invoke 'rundll32.exe' and execute the malware payload. The malicious emails attached .ISO files that contained a .lnk shortcut and an HTLML file. In a new attempt, the 2024 attack used ZIP attachments to plague JScript files on the victim’s system. Followed by multiple complex steps to deploy StrelaStealer payload. Within a short two-year span, the malware has rapidly changed.  

In another cyberattack, Hewlett-Packard Enterprises (HPE) disclosed the company had been targeted by Russian ransomware group Midnight Blizzard. The group is also known as Cozy Bear, APT 29 and Nobelium. The group breached HPE’s cloud email environments to access and exfiltrate data from a percentage of HPE employee inboxes. Details of the ongoing investigation are still under wraps. This is another example of email threats that are circumventing the robust security measures of enterprise businesses and the importance of email security awareness training. 

But today's attacks are not limited to email environments. High-profile applications were the recent targets of Androxgh0st malware in a string of attacks on Microsoft 365, Twilio, Amazon Web Services (AWS) and SendGrid environments this year. The threat on widely used SaaS solutions has caught the attention of the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — and these agencies have issued alerts to all users. Their involvement is indicative of the severity that cross-channel threats pose to MSPs and clients nationwide.  

The basis for email attacks starts with human error. Once compromised, adversaries work to steal credentials, exploit vulnerabilities in the email platform and further the attack by spreading via lateral movement not only infecting by email but also by collaboration app file and document sharing. Cross-channel attacks allow threat actors to magnify the area of damage by using other productivity and communication channels to proliferate the threat. 

In response, the cybersecurity space is gearing up against such attacks with smart email and productivity app security solutions to detect and catch threats before they reach the recipient — and MSPs are laser-focused on enhancing client security with these latest technologies.   

Protecting your clients’ organization-wide email environments will require reinforcements on all fronts, including technologies, practices and employee training.  MSP leaders will need to strike a balance between these three focal areas to adequately minimize the risk of attack. The first sign of an email-borne threat shouldn’t be at the recipient level and ideally, proactive security measures are critical to preventing such attacks on MSP clients. The more an MSP can rely on security technologies to preemptively catch email threats, the less they need to rely on end users to make gut-wrenching calls. The best comprehensive security technologies to help MSPs bolster protection and mitigate human error more effectively include dynamic content scanning, email security solutions, AI- and ML-based technologies, collaboration application dedicated protection, anti-phishing measures and endpoint security.  

These proactive measures are proven to be effective in preventing or countering active email attacks on organizations. Specifically, to counter AI-based phishing attacks, multilayered security approaches are essential. For example, Acronis’ Collaboration Application Security for Microsoft 365 utilizes five protection layers to fight content-based threats. 

Acronis Cyber Protect Cloud uses AI-based static and behavioral heuristic detection to protect endpoints against advanced threats. Additionally, AI can be handy for automating mundane email security tasks such as scanning multiple URLs, files, documents and various types of content for malware. 

Examining real-world scenarios of smart email security solutions is crucial for understanding their effectiveness in combating increasingly sophisticated cyberthreats. MSPs can see the first-hand benefits and value that advanced security solutions bring, especially in the context of everyday MSPs that rely on smart email and productivity application security, like Acronis Cyber Protect Cloud.  

In a partner success story shared on the Acronis Resource Center, Randy Hawkins, Managing Partner, Hawkins Technologies, shared the MSP’s experience moving from a competitor solution to Acronis Advanced Email Security and Perception Point. Hawkins reported that the limitations in the competitor console and the lack of timely support were driving factors behind their need for change. The competitor solution also allowed nefarious email content to get through. Since using Acronis, the solution filtered suspicious content out, and Hawkins reported the ease of working with Acronis and Perception Point when the MSP needed assistance. 

One of the differentiating benefits of Acronis Cyber Protect Cloud is its integrated protection. In another case study featuring Michael Goldstein, President and CEO, LAN Infotech, the MSP business shared their story about using Advanced Security + EDR and Advanced Email Security together. From a single console and single solution, Goldstein and his team monitor and manage their clients’ endpoints and email environments. This advantage has helped LAN Infotech improve security efficiency and win a profitable partnership with the Florida Panthers professional hockey team. 

Based on these examples, MSPs can improve security strategies for their clients and use these success stories to back the necessity and criticality of smart email and collaboration app security measures. These stories also help get clients and service providers on the same page while building security and developing well-rounded incident response plans (IRP) to future-proof protection. 

Looking ahead, MSPs can expect to see more AI-generated phishing. Adversaries will likely continue to evolve their tactics, leveraging AI and automation to launch more sophisticated and convincing phishing attacks. Machine learning and behavioral detection will play a crucial role in detecting and mitigating these threats. Additionally, the rise of remote work and the increasing use of mobile devices for email access may introduce new vulnerabilities and attack vectors. Defenses will need to adapt by implementing robust email security solutions that combine advanced threat detection, encryption and user behavior analysis. Continuous education and awareness programs will also be essential to empower individuals to recognize and respond to emerging email threats effectively. 

Email security threats are multifaceted, complex and challenging to detect and stop. Human error remains a major contributor to breaches. Cross-channel attacks allow attackers to spread malware and infiltrate IT environments through email and collaboration app file sharing. Mitigating the risk of human error and implementing robust security measures are crucial in countering these evolving email security threats. 

Proactive security measures are the MSP’s greatest weapon to stay ahead of evolving email threats. Managed incident response services are a profitable and cost-efficient tool for MSPs that ensures outsourced cybersecurity experts handle complex security activities, including deploying proactive security solutions and driving investigations. 

The pressure rides on MSP leaders to communicate the importance of risk mitigation, adopting cutting-edge security technologies and adhering to best practices to stay ahead of cyberthreats to clients.