While using cleverly-worded emails has been the tool-of-choice for would-be attackers, there are other ways to infect users that are equally effective.
Nearly all strategies rely on user behavior: either a phishing email convinces them to open an attached file, or they are directed to a seemingly legitimate site, or the user is surfing the web for some piece of latest news or subject of interest. In our last blog we looked at the infected attachment, and how advanced threat detection can help deter these attacks. But something like ATD won’t help you when the infection lives on the internet.
When it comes to email, attackers are becoming smarter: rather than asking you to open an attachment that is too easily blocked or interrogated, they send users to a fake website where the infection is delivered. Email security programs go to great lengths to authenticate websites, ensuring the URL “matches” the domain of the sender, comparing the site against known spurious websites, checking for valid certificates, and so on. But sites can contain redirects, and in most cases, the problem isn’t the security software, it’s the user. The email gives them a compelling reason to open it, and they click on the link.
So what do you do to prevent users from clicking on such links? Training is obviously one approach: the strategies used by attackers aren’t always very sophisticated, and there are often visual cues that the mail simply isn’t right. Recipients can also be trained to never visit websites from unknown emails, and spurious sites can be blocked. But these strategies aren’t enough.
Safe Link or Link Protect are terms that describe an emerging protection against such attacks. Email security programs that provide link protection typically rewrite the questionable link to redirect the recipient to a safe area, usually a sandbox, where the actual URL is clicked. If ransomware is hiding on the site, it’s never released into the wild, only into the protected sandbox. The program makes note of the website’s activity and adds the site to its databases, so it’s known the next time it is encountered.
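The link rewriting described above, sketched as an added example (this is not any vendor's code). The gateway host, key, allow-list and the `u`/`s` parameter names are hypothetical, and the HMAC on each rewritten link is an added assumption so that the gateway only follows links it issued itself.

```python
import base64, hashlib, hmac, re
from html import escape, unescape
from urllib.parse import parse_qs, urlencode, urlsplit

GATEWAY = "https://linkprotect.example/click"  # hypothetical gateway endpoint
KEY = b"constructed-demo-key"                  # constructed; load from a secret store
TRUSTED = {"intranet.example"}                 # hypothetical allow-list, left as-is
HREF = re.compile(r'(href\s*=\s*)(["\'])(.*?)\2', re.I | re.S)

# Constructed sample message body.
SAMPLE = ('<a href="http://paypa1-login.example/reset?id=7&amp;t=1">Reset</a> '
          '<a href="mailto:it@corp.example">IT</a> '
          "<a href='https://intranet.example/wiki'>Wiki</a>")

def _sign(url: str) -> bytes:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest().encode()

def wrap(url: str) -> str:
    """Gateway URL carrying the original target plus a MAC over it."""
    token = base64.urlsafe_b64encode(url.encode()).decode()
    return GATEWAY + "?" + urlencode({"u": token, "s": _sign(url).decode()})

def rewrite_links(body: str) -> str:
    """Rewrite each quoted http(s) href whose host is not on the allow-list."""
    def repl(m):
        url = unescape(m.group(3)).strip()     # attribute values are entity-encoded
        try:
            parts = urlsplit(url)
            skip = (parts.scheme.lower() not in ("http", "https")
                    or (parts.hostname or "").lower() in TRUSTED)
        except ValueError:
            skip = False                       # unparseable target: still rewrite it
        if skip:
            return m.group(0)                  # mailto:, anchors, trusted hosts
        return f"{m.group(1)}{m.group(2)}{escape(wrap(url))}{m.group(2)}"
    return HREF.sub(repl, body)

def unwrap(gateway_url: str) -> str:
    """Gateway side: recover the target, refusing links this gateway did not sign."""
    q = parse_qs(urlsplit(gateway_url).query)
    url = base64.urlsafe_b64decode(q["u"][0]).decode()
    if not hmac.compare_digest(_sign(url), q.get("s", [""])[0].encode()):
        raise ValueError("link was not issued by this gateway")
    return url  # next (not shown): open in the sandbox, then block or redirect

if __name__ == "__main__":
    print(rewrite_links(SAMPLE))
```

Unquoted `href` values and links in plain-text parts are not covered by this regex; a production rewriter would parse the MIME structure and HTML properly.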
Barracuda includes Link Protect with all its email security products. In our case, we redirect any questionable URL, including typosquatted ones (which we’ll talk about in our next blog), to our sandbox and open it to look for questionable content. If we find any, we block the URL. The service is invisible to the user and adds no delay in email delivery, and it’s a defense against cyber-threats and ransomware that you really need.