Spear-Phishing

Could complacency be setting in when it comes to ransomware?

July 25, 2018 by Chris Ross

Ransomware may be a headline favourite, but the attack itself is nothing new. In fact, it’s been around in some form or another for decades. Since last year’s high profile global campaigns such as WannaCry and NotPetya you’d be hard pressed to find anyone who isn’t aware of the threat posed.

But are the headlines representative? Do IT teams really feel the threat day-to-day? Is there a danger that our focus on ransomware could lead us to take our eye off the ball elsewhere?

Chris Ross

Chris Ross is senior vice president of international sales at Barracuda, with strategic & operational responsibility for world-wide markets. Connect with him on LinkedIn.

http://www.barracuda.com

Threat Spotlight: Caught in the Wild—Millions of Phishing Attempts each Month try to Hook your Users

June 25, 2018 by Jonathan Tanner

When Barracuda first opened shop as an email security company nearly 15 years ago, spam was causing major problems in corporate inboxes. While spam bogged down users, the messages themselves weren’t typically malicious—a lot has changed since then. Today, criminals are using all types of tactics to launch attacks through email, including some clever phishing campaigns where the most effective line of defense is the human firewall.

The human what? You know, in a world where organizations have vendors jumping in front of each other to deploy their “best-of-breed” security solutions at HQ and everywhere else—the only thing between your company and a ransomware attack, could be whether or not your users click, or don’t click on a malicious link.

Let’s take a closer look at the types of phishing emails your users are up against each day, and what they can do to stay safe from creative cybercriminals.

Jonathan Tanner

Jonathan is a graduate of San Jose State University and a Software Engineer at Barracuda Networks. Connect with him on LinkedIn here.

https://www.barracuda.com

Infosecurity Europe: Focus on Incident Response as AI Floods Security Show

June 20, 2018 by Phil Muncaster

If you work in the cybersecurity sector, three days in early June will probably be penned into your diary every year. Infosecurity Europe is one of the biggest shows of its kind in the world, with hundreds of exhibitors and over 20,000 cybersecurity professionals crammed into London Olympia to network, share best practice and see the latest tech on offer. To the untrained eye, it can seem a little overwhelming, but it’s actually a great place to go to better understand the market and the key issues keeping security practitioners awake at night.

This year it was hard to get out from under the shadow of the GDPR, while AI and machine learning technologies dominated the conference floor.

Phil Muncaster

Phil Muncaster is a technology writer and editor with over 12 years’ experience working on some of the biggest technology titles around, including Computing, The Register, V3 and MIT Technology Review. He spent over two years in Hong Kong immersed in the Asian tech scene and is now back in London where information security has become a major focus for his work.

Follow Phil on Twitter and connect with him on LinkedIn.

http://www.barracuda.com

Weighing up the email security threat in EMEA

June 11, 2018 by Chris Ross

Despite numerous attempts to dethrone it over the past few years, email continues to be the defacto for business communications. In research published last year, The Radicati Group estimated that more than 281bn email messages would be sent every day in 2018.

Email certainly isn’t going anywhere in a hurry. Which is music to the ears of cyber attackers.

Email was built for a different time, one in which cyber threats were few and far between. It should come as no surprise that email is the number one threat vector facing organizations today, with new email-borne attacks grabbing the headlines on a regular basis. Terms like ransomware, social engineering, phishing and trojans have gained widespread recognition.

We wanted to find out more about the impact of the email security challenge facing IT security practitioners but also the threat posed by the crucial human factor. So we conducted a short survey, generating around 630 global responses, of which 145 came from EMEA organisations.

Chris Ross

Chris Ross is senior vice president of international sales at Barracuda, with strategic & operational responsibility for world-wide markets. Connect with him on LinkedIn.

http://www.barracuda.com

Is User Training the Weakest Link in Your Email Security Strategy?

June 5, 2018 by Dennis Dillman

The days of simply deploying an email security gateway in front of the email server to block spam and viruses from reaching your end users are long gone. And while today’s gateways absolutely still have their place, in most instances they’re accompanied by additional technologies to ensure the best email security approach possible. This is because gateway technologies aren’t designed to spot social engineered spear phishing attacks, and there’s always a chance that people can get phished on personal accounts that aren’t controlled by gateways at all. However, if you’re concerned about users falling victim to Business Email Compromise (BEC), impersonation or spear phishing attacks—perhaps you’ve already deployed a solution that leverages AI to help identify and block these types of attacks in real time?

But let’s say you’ve taken all the right steps. You’ve even deployed extra security layers along with your Office 365 environment to protect against sophisticated email-born data theft, malware, phishing attempts, and anything else that might find its way into your users’ inboxes. Maybe you’re even backing up your Office 365 environment just in case ransomware gets through and you need to restore your system to avoid paying criminals a hefty ransom. You’ve really thought about everything, but there’s just one problem—your users probably haven’t.

Dennis Dillman

Dennis Dillman is VP of Product Management at Barracuda.

https://www.barracuda.com

InfoSecurity 2018- share, learn and protect your business

May 29, 2018 by Darshna Kamani

Summer may be just around the corner, and so is the most important day in the cybersecurity calendar! It’s time to head to the Olympia conference centre to talk all things security. So get ready to be fuelled by coffee and giveaways and notice a dramatic increase in your step count.

With data breaches and hacking scandals dominating the headlines over the last 12 months and with a groundbreaking new regulation being implemented, this time around the event promises to be bigger and better than ever. And, as the predicted 19,500-strong crowd descends upon Olympia next week, we’ll be amongst them, ready to introduce ourselves to some new faces whilst catching up with old friends.

Darshna Kamani

http://www.barracuda.com

Avoid falling victim to tragedy-related scams

May 22, 2018 by Christine Barry

The United States Computer Emergency Readiness Team (US-CERT) has issued an alert advising users to be aware of possible malicious activity that seeks to capitalize on recent tragedies such as the Texas school shooting. Criminals often use events like this to play on public sympathies and solicit donations to fraudulent “charitable” organizations. Regardless of the direct financial outcome, these scams can result in the criminals capturing contact information, login credentials, and a malware infection on the PC or mobile phone.

We have observed dozens of attacks pop-up around tragedies and other sad events. Earthquakes, tsunamis, the Boston Marathon bombing, and even the death of Robin Williams have all been used by cybercriminals. And they don't limit themselves to tragedies: major political news, holidays, and economic concerns are all on the table. It's a sick reality that these criminals will use everything they can and do anything they like to make you a victim.

Christine Barry

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Connect with Christine on LinkedIn and follow her on Twitter here.

https://blog.barracuda.com

Join us at Microsoft Build 2018

May 5, 2018 by Rich Turner

Barracuda will be presenting at Microsoft Build – their ultimate developer conference focused on cloud, artificial intelligence, mixed reality, and more. This year’s Build is May 7-9 in Seattle, and it an opportunity for the development community to learn about Microsoft’s latest solutions and initiatives as well as hear best practices from their peers.

Itay Bleier from Barracuda’s Sentinel group will be presenting at a partner showcase meant to demonstrate our partnership with Microsoft and how we leveraged the GraphAPI to build Sentinel. Sentinel is Barracuda’s ground-breaking solution to proactively combat spearphishing attacks. If you’re attending build, don’t miss Itay’s session!

Rich Turner

Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in cloud-deployed solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.

If you'd like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.

You can email Rich at rturner@barracuda.com.

Threat Spotlight: Cybercriminals Working Hard to Take Over Email Accounts

May 3, 2018 by Asaf Cidon

The chances are, you’d be more inclined to open and act on an email from a colleague, friend or someone you know as opposed to someone you don’t. Cybercriminals know this, which is why they are sending attacks to your friends and colleagues—from your email account.

In our latest Threat Spotlight, we’re taking a look at a couple of real account takeover attacks that have been dissected by the Barracuda Sentinel team. Here’s what we found:

Highlighted Threat:
Cybercriminals take over user accounts and send fake emails to the users’ colleagues and contacts. The emails sent contain fake links, including a fake OneDrive share link that is used to steal credentials and take over more accounts.

The Details:
In this first example, criminals took over an account of a finance employee. The employee most likely followed a phishing link from the attackers, which prompted them to enter their credentials into a fake Outlook sign-in page. Once they did that, the criminals had their credentials, and could use them to access the email account. The criminals then sent out emails to over a dozen members of the finance team from the compromised account. The goal of the compromised emails was to steal additional credentials. Here’s the message that was sent:

The message itself seems innocuous—a quick note that notifies the recipients that an invoice has been paid. However, if the other employees click on the link, they’ll be taken to a fake Office 365 sign-in page where they’ll be asked to enter their credentials. If they move forward and submit their credentials, their accounts will be taken over by the criminals as well.

On their own, stolen credentials of a reputable organization are worth a handsome sum in the dark web. They can be sold to launch additional phishing campaigns, which will have a high chance of success since it would be coming from a high-reputation domain.

In addition, these stolen credentials can be used to conduct spear phishing, or CEO fraud attacks. In these attacks, the hackers send an email from the compromised account with the goal of tricking the recipient (who is usually in the finance department) to send a wire transfer to a bank account owned by the attacker.

There are many variants of emails cybercriminals use to steal credentials. For example, we’ve also seen attempts where a phishing email will be sent out to users that includes a OneDrive share link in the body—like in the example below.

Similar to what we saw in the first example, a user’s email account was also taken over; however, this time the criminals took a different approach with the included link. They included a OneDrive share link that when clicked, will lead to a fake sign-in page used to steal credentials.

In this particular attack, the criminals logged in multiple times to the user’s account, gathered targets from the user’s address book, and sent out hundreds of emails to both employees and external contacts.

As you can see, once criminals steal user credentials, these attacks can snowball quickly. And what’s really scary, is that standard email security solutions won’t detect these types of attacks because they originate from internal emails.

To recap, the techniques used in these attacks are:

Impersonation: Criminals impersonate colleagues or contacts to get users to act on their requests.

Phishing: Emails are sent out to users to initiate the attack to steal their credentials.

So, how can users stay out of harm’s way?

Take Action:

Real-Time Spear Phishing and Cyber Fraud Defense — Barracuda Sentinel is the only solution in the market that can automatically prevent email account takeover. It utilizes AI to learn an organization’s communications history and prevent future spear phishing attacks. It combines three powerful layers: an artificial intelligence engine that stops spear phishing attacks in real time, including emails that originate from within the company; domain fraud visibility using DMARC authentication to guard against domain spoofing and brand hijacking; and fraud simulation training for high-risk individuals.

User Training and Awareness — Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training. A solution like Barracuda PhishLine provides comprehensive, SCORM-compliant user training and testing as well as phishing simulation for emails, voicemail, and SMS along with other helpful tools to train users to identify cyberattacks.

Asaf Cidon

Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked at Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and BSc in Computer Engineering from the Technion.

Connect with Asaf on LinkedIn.

http://www.barracuda.com

Barracuda introduces levelized programs

April 17, 2018 by Christine Barry

Today we are pleased to introduce Barracuda PhishLine Levelized Programs, which is a new way to measure user resistance to phishing attacks. We have the details here, and you can see this in action at RSA Conference this week. We're at exhibitor expo booth #4708, North Hall.

Barracuda leverages the power of intelligence to fight social engineering on two fronts. Barracuda Sentinel uses artificial intelligence to defend against messages that aren't legitimate. Barracuda Phishline uses human intelligence by turning employees into a stronger line of defense against phishing. PhishLine helps your users sharpen their anti-phishing skills with advanced phishing simulations along with end-user testing, reporting, and comprehensive metrics that let you take prompt and meaningful action against threats.

Today's announcement focuses on the metrics of the phishing simulations. Because traditional anti-phishing training uses click rates to measure success, training programs can give an inaccurate picture of employee awareness and skill level. A click rate is based on the overall user action in a simulated phishing attack. For example, if a company runs a simulation and 80% of the users avoid clicking anything in the email, that would be measured as a 20% click rate. Many professionals consider the 10-20% click rate was a ‘win' in that most users did not fall for the attack.

Christine Barry

Connect with Christine on LinkedIn and follow her on Twitter here.

https://blog.barracuda.com