Spear-Phishing

Is User Training the Weakest Link in Your Email Security Strategy?

June 5, 2018 by Dennis Dillman

The days of simply deploying an email security gateway in front of the email server to block spam and viruses from reaching your end users are long gone. And while today’s gateways absolutely still have their place, in most instances they’re accompanied by additional technologies to ensure the best email security approach possible. This is because gateway technologies aren’t designed to spot social engineered spear phishing attacks, and there’s always a chance that people can get phished on personal accounts that aren’t controlled by gateways at all. However, if you’re concerned about users falling victim to Business Email Compromise (BEC), impersonation or spear phishing attacks—perhaps you’ve already deployed a solution that leverages AI to help identify and block these types of attacks in real time?

But let’s say you’ve taken all the right steps. You’ve even deployed extra security layers along with your Office 365 environment to protect against sophisticated email-born data theft, malware, phishing attempts, and anything else that might find its way into your users’ inboxes. Maybe you’re even backing up your Office 365 environment just in case ransomware gets through and you need to restore your system to avoid paying criminals a hefty ransom. You’ve really thought about everything, but there’s just one problem—your users probably haven’t.

Dennis Dillman

Dennis Dillman is VP of Product Management at Barracuda.

https://www.barracuda.com

InfoSecurity 2018- share, learn and protect your business

May 29, 2018 by Darshna Kamani

Summer may be just around the corner, and so is the most important day in the cybersecurity calendar! It’s time to head to the Olympia conference centre to talk all things security. So get ready to be fuelled by coffee and giveaways and notice a dramatic increase in your step count.

With data breaches and hacking scandals dominating the headlines over the last 12 months and with a groundbreaking new regulation being implemented, this time around the event promises to be bigger and better than ever. And, as the predicted 19,500-strong crowd descends upon Olympia next week, we’ll be amongst them, ready to introduce ourselves to some new faces whilst catching up with old friends.

Darshna Kamani

http://www.barracuda.com

Avoid falling victim to tragedy-related scams

May 22, 2018 by Christine Barry

The United States Computer Emergency Readiness Team (US-CERT) has issued an alert advising users to be aware of possible malicious activity that seeks to capitalize on recent tragedies such as the Texas school shooting. Criminals often use events like this to play on public sympathies and solicit donations to fraudulent “charitable” organizations. Regardless of the direct financial outcome, these scams can result in the criminals capturing contact information, login credentials, and a malware infection on the PC or mobile phone.

We have observed dozens of attacks pop-up around tragedies and other sad events. Earthquakes, tsunamis, the Boston Marathon bombing, and even the death of Robin Williams have all been used by cybercriminals. And they don't limit themselves to tragedies: major political news, holidays, and economic concerns are all on the table. It's a sick reality that these criminals will use everything they can and do anything they like to make you a victim.

Christine Barry

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Connect with Christine on LinkedIn and follow her on Twitter here.

https://blog.barracuda.com

Join us at Microsoft Build 2018

May 5, 2018 by Rich Turner

Barracuda will be presenting at Microsoft Build – their ultimate developer conference focused on cloud, artificial intelligence, mixed reality, and more. This year’s Build is May 7-9 in Seattle, and it an opportunity for the development community to learn about Microsoft’s latest solutions and initiatives as well as hear best practices from their peers.

Itay Bleier from Barracuda’s Sentinel group will be presenting at a partner showcase meant to demonstrate our partnership with Microsoft and how we leveraged the GraphAPI to build Sentinel. Sentinel is Barracuda’s ground-breaking solution to proactively combat spearphishing attacks. If you’re attending build, don’t miss Itay’s session!

Rich Turner

Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in cloud-deployed solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.

If you'd like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.

You can email Rich at rturner@barracuda.com.

Threat Spotlight: Cybercriminals Working Hard to Take Over Email Accounts

May 3, 2018 by Asaf Cidon

The chances are, you’d be more inclined to open and act on an email from a colleague, friend or someone you know as opposed to someone you don’t. Cybercriminals know this, which is why they are sending attacks to your friends and colleagues—from your email account.

In our latest Threat Spotlight, we’re taking a look at a couple of real account takeover attacks that have been dissected by the Barracuda Sentinel team. Here’s what we found:

Highlighted Threat:
Cybercriminals take over user accounts and send fake emails to the users’ colleagues and contacts. The emails sent contain fake links, including a fake OneDrive share link that is used to steal credentials and take over more accounts.

The Details:
In this first example, criminals took over an account of a finance employee. The employee most likely followed a phishing link from the attackers, which prompted them to enter their credentials into a fake Outlook sign-in page. Once they did that, the criminals had their credentials, and could use them to access the email account. The criminals then sent out emails to over a dozen members of the finance team from the compromised account. The goal of the compromised emails was to steal additional credentials. Here’s the message that was sent:

The message itself seems innocuous—a quick note that notifies the recipients that an invoice has been paid. However, if the other employees click on the link, they’ll be taken to a fake Office 365 sign-in page where they’ll be asked to enter their credentials. If they move forward and submit their credentials, their accounts will be taken over by the criminals as well.

On their own, stolen credentials of a reputable organization are worth a handsome sum in the dark web. They can be sold to launch additional phishing campaigns, which will have a high chance of success since it would be coming from a high-reputation domain.

In addition, these stolen credentials can be used to conduct spear phishing, or CEO fraud attacks. In these attacks, the hackers send an email from the compromised account with the goal of tricking the recipient (who is usually in the finance department) to send a wire transfer to a bank account owned by the attacker.

There are many variants of emails cybercriminals use to steal credentials. For example, we’ve also seen attempts where a phishing email will be sent out to users that includes a OneDrive share link in the body—like in the example below.

Similar to what we saw in the first example, a user’s email account was also taken over; however, this time the criminals took a different approach with the included link. They included a OneDrive share link that when clicked, will lead to a fake sign-in page used to steal credentials.

In this particular attack, the criminals logged in multiple times to the user’s account, gathered targets from the user’s address book, and sent out hundreds of emails to both employees and external contacts.

As you can see, once criminals steal user credentials, these attacks can snowball quickly. And what’s really scary, is that standard email security solutions won’t detect these types of attacks because they originate from internal emails.

To recap, the techniques used in these attacks are:

Impersonation: Criminals impersonate colleagues or contacts to get users to act on their requests.

Phishing: Emails are sent out to users to initiate the attack to steal their credentials.

So, how can users stay out of harm’s way?

Take Action:

Real-Time Spear Phishing and Cyber Fraud Defense — Barracuda Sentinel is the only solution in the market that can automatically prevent email account takeover. It utilizes AI to learn an organization’s communications history and prevent future spear phishing attacks. It combines three powerful layers: an artificial intelligence engine that stops spear phishing attacks in real time, including emails that originate from within the company; domain fraud visibility using DMARC authentication to guard against domain spoofing and brand hijacking; and fraud simulation training for high-risk individuals.

User Training and Awareness — Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training. A solution like Barracuda PhishLine provides comprehensive, SCORM-compliant user training and testing as well as phishing simulation for emails, voicemail, and SMS along with other helpful tools to train users to identify cyberattacks.

Asaf Cidon

Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked at Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and BSc in Computer Engineering from the Technion.

Connect with Asaf on LinkedIn.

http://www.barracuda.com

Barracuda introduces levelized programs

April 17, 2018 by Christine Barry

Today we are pleased to introduce Barracuda PhishLine Levelized Programs, which is a new way to measure user resistance to phishing attacks. We have the details here, and you can see this in action at RSA Conference this week. We're at exhibitor expo booth #4708, North Hall.

Barracuda leverages the power of intelligence to fight social engineering on two fronts. Barracuda Sentinel uses artificial intelligence to defend against messages that aren't legitimate. Barracuda Phishline uses human intelligence by turning employees into a stronger line of defense against phishing. PhishLine helps your users sharpen their anti-phishing skills with advanced phishing simulations along with end-user testing, reporting, and comprehensive metrics that let you take prompt and meaningful action against threats.

Today's announcement focuses on the metrics of the phishing simulations. Because traditional anti-phishing training uses click rates to measure success, training programs can give an inaccurate picture of employee awareness and skill level. A click rate is based on the overall user action in a simulated phishing attack. For example, if a company runs a simulation and 80% of the users avoid clicking anything in the email, that would be measured as a 20% click rate. Many professionals consider the 10-20% click rate was a ‘win' in that most users did not fall for the attack.

Christine Barry

Connect with Christine on LinkedIn and follow her on Twitter here.

https://blog.barracuda.com

Barracuda Threat Spotlight: New URL File Outbreak Could be a Ransomware Attempt

April 10, 2018 by Jonathan Tanner

We’re closely tracking an alarming threat that’s currently aiming to take advantage of careless or untrained users in a possible effort to distribute ransomware and other forms of malware—here’s what we’ve found.

Highlighted Threat: Attackers are using a variety of techniques in an attempt to launch a Quant Loader trojan capable of distributing ransomware and password stealers.

The Details:

In the world of email, an unfamiliar file extension—especially one that is compressed alone in a ZIP file—is often a sure sign of a new malware outbreak. This was no exception when zipped Microsoft internet shortcut files with a “.url” file extension started showing up in emails claiming to be billing documents last month. These shortcut files use a variation on the CVE-2016-3353 proof-of-concept, containing links to JavaScript files (and more recently Windows Script Files). However, in this instance the URL was prefixed with “file://” rather than “http://” which fetches them over Samba rather than through a web browser. This has the benefit of executing the contained code using WScript under the current user's profile rather than requiring browser exploitation, although it does prompt the user before doing so. The remote script files are heavily obfuscated, but all result in downloading and running Quant Loader when allowed to execute.

Jonathan Tanner

Jonathan is a graduate of San Jose State University and a Software Engineer at Barracuda Networks. Connect with him on LinkedIn here.

https://www.barracuda.com

Why Firewalls Matter More than Ever

April 6, 2018 by Mike Vizard

There is growing general acknowledgement that when it comes to cybersecurity most organizations should assume they’ve been compromised. Cybercriminals have become quite skilled at employing a variety of techniques to bypass cybersecurity defenses, usually in the form of a targeted spear phishing campaign that tracks an end user into downloading malware directly on to their system.

As true as that may be, however, is doesn’t necessarily follow that defense of perimeter doesn’t matter anymore. The definition of where the perimeter lies may be expanding. But firewalls deployed on the perimeter still play a critical role in blocking thousands of attacks daily that are being launched by ever increasingly sophisticate bots.

The truth of the matter is that most organizations are not doing enough in way of cybersecurity fundamentals, says John Kuhn, senior cyber threat researcher for IBM X-Force. That makes they easy prey for cybercriminals that have almost unlimited resources. In many of those cases, the only thing standing between those organizations and total chaos is the firewall.

Mike Vizard

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.

Connect with Mike on LinkedIn, Twitter, and Google+.

https://www.linkedin.com/in/michaelvizard

Counting the broader cost of Facebook’s data dilemma

April 4, 2018 by Chris Ross

As the news agenda continues to be dominated by the fallout from claims that millions of Facebook profiles were apparently exploited for political purposes, we wanted to see whether this story was changing the way that businesses thought about how their staff used technology. At the recent Cloud Expo Europe show in London, we conducted a survey of more than 350 attendees to find out.

We started by trying to understand whether the news had prompted members of the IT industry to change their relationship with Facebook. It was no surprise to hear that 55% of respondents trusted Facebook less as a result. This lack of trust was shown in the fact that 12% had deleted their account since the news broke and another 29% had taken measures to amend their security and sharing settings. On a personal level, people had definitely had their eyes opened to data privacy, sharing and security issues.

Chris Ross

Chris Ross is senior vice president of international sales at Barracuda, with strategic & operational responsibility for world-wide markets. Connect with him on LinkedIn.

http://www.barracuda.com

Sentinel Stops Attacks in All Languages

March 27, 2018 by Asaf Cidon

Sentinel's AI has been developing rapidly in the last few months. In December, we added support for detecting web service impersonations and targeted phishing attacks. In these attacks, the attackers impersonate popular web services (Outlook, Docusign, Dropbox, Apple, UPS, etc.), and ask the recipient to click on a link. The link will typically take the recipient to a sign-in page that looks exactly like a sign in page of the impersonated web service. The goal of the attackers is to steal the credentials of the recipient, and to use those for infiltrating internal IT systems and launch subsequent attacks. Sentinel can stop these attacks by understanding that the email is impersonating a widely-used web service (e.g., Dropbox), but is not sending the email from an address associated with the web service (e.g., dropbox.com), and the links within the email have nothing to do with the domain of the web service.

This capability has also greatly expanded the volume of attacks Sentinel detects in different languages. We see attackers use the native language of the recipient to try to trick them to click on a link, whether it's German, Spanish, Dutch or Mandarin. We are happy to announce that Sentinel stops attacks in all languages, and our AI can effectively support customers in all regions of the world. In order to stop these types of impersonation attacks, the AI does not rely on any text-specific characteristics of the email, which allows it to work with any language.

Asaf Cidon

Connect with Asaf on LinkedIn.

http://www.barracuda.com