A Primer

TROUBLE IN YOUR INBOX

5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS

Even with today’s breakthroughs in online communication, email is still one of the main ways that most people connect and keep in touch. This is especially true in the business setting. Email is used to such an extent that the total worldwide email traffic including both business and consumer emails is estimated to be over 144 billion emails per day at the tail end of 2012.1 The amount of email traffic is also predicted to grow to over 192 billion emails every day by 2016.

Email-based threats are still a problem for everyone, including small and medium-sized businesses (SMBs). With such a high degree of usage, it’s easy to see why cybercriminals continue to use email to facilitate their attacks. Given this situation, what should SMB users and decision makers know about email risks? What do SMBs need to know in order to stay protected against such threats?

1 http://www.radicati.com/wp/wp-content/uploads/2012/10/Email-Market-2012-2016-Executive-Summary.pdf

Email spam can clog up servers and inboxes leading to reduced work

productivity.Unsolicited bulk email aka spam are generally considered a nuisance because the majority consists of ads that sell particular services or products. The digital equivalent of junk mail, spam in this form may first appear as harmless, even innocent.

However, spam is not risk-free. Research shows that the amount of email considered abusive jumped within the range of 88–90%of email sent during the first three quarters of both 2010 and 2011.2 In 2011, this coincided with our findings that 5.2 billion spammed emails were being received each month.3

This much junk can easily clog up networks and use up server space in the SMB where resources are limited and any network downtime can have a major impact on the business operations.

This strain on business resources and the risk of malware infection puts email spam at the forefront of all SMB’s concerns.

2 http://www.maawg.org/sites/maawg/files/news/MAAWG_2011_Q1Q2Q3_Metrics_Report_15.pdf3 Based on Trend Micro™ Smart Protection Network™ data

Consumers and businesses

received a total of

5.2 billion spammed emails each

month in 2011 .

Organizations Reporting a Successful Security Violation

Source: Osterman Research, Inc.

The amount of money stolen from dozens of US accounts totalled to over

US$3 million

Email is a common entry point of malware infection.Email used as a point of entry for malware has been a long-standing problem. Trend Micro and Osterman Research4 showed a 5-year comparison on the increasing number of organizations that have reported security violations through usage of email since 2007. We can reasonably conclude that cybercriminals still consider email a viable point of entry when it comes to bypassing company security.

ZeuS is a type of malware that infects its victims through email. This malware logs keystrokes when users browse online banking websites and effectively steals their login credentials. Stolen information is then sent to the cybercriminals, enabling them to infiltrate and steal from users’ bank accounts.

A number of SMBs in the United States filed for bankruptcy due to the hundreds of thousands of dollars stolen by cybercriminals who utilized this malware.5 In 2012, cybercriminal Nikolay Garifulin was sentenced to two years in prison for his involvement in a series of ZeuS-based attacks.6 The amount of money stolen from dozens of US accounts totalled to over US$3 million.

4 http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/the_cloud_advantage.pdf

5 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_zeus-persistent-criminal-enterprise.pdf

6 http://www.fbi.gov/newyork/press-releases/2012/another-cyber-fraud-defendant-charged-in-operation-aching-mules-sentenced-in-manhattan- federal-court

Phishing attacks can reach SMBs through email.Phishing is another email-based threat that SMBs have to deal with. Phishing is the act of tricking someone into voluntarily giving out personal information. Attackers typically send out spammed messages that point to or provide a link to malicious sites. Through social engineering, these phishing attacks trick users into voluntarily giving out sensitive information or download malware that steal data. These may be disguised as official correspondence from sites the victims are familiar with, like Facebook or online banking sites. The malicious page may also be well disguised, masquerading as legitimate login pages for known websites.

Phishing may sound simple enough to avoid but it works successfully thanks to crafty social engineering. This is a technique that involves taking the ‘target’ victim into consideration and tailors the attack according to the potential victim’s interests.

Email and advanced persistent threats (APTs)

Email has also been used in targeted attacks or APTs against companies and government institutions. An APT refers to a category of threats that manage to stay undetected in a network or system for a long period of time. APTs result in leaking sensitive, critical data out into the public and/or into the hands of attackers.

These network breaches cost the targeted companies considerable damage to both their finances and credibility. In an internal monitoring of APT-related spear-phishing emails, we found that 91% of targeted attacks involve spear-phishing emails. Narrowing this down further, we learned that 33% of the companies who were affected by email-based APTs were SMBs. This proves that SMBs are also at risk and should prepare for such a scenario.7

7 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf

Cybercriminals invest money in exploiting the usage of email.Small businesses should be aware that cybercriminals put considerable resources into finding new ways to use email for their malicious deeds. An example of this is the Blackhole Exploit Kit.

An exploit kit is a web application that allows cybercriminals to take advantage of known vulnerabilities in popular applications like Internet Explorer, Adobe Acrobat, Adobe Reader and Flash Player through malicious spam runs. It also provides attackers detailed information about their targets like their browser, OS, geographical location, and which system vulnerabilities are ripe for exploiting. The Blackhole Exploit Kit is currently the most popular exploit kit.

Why is the Blackhole Exploit Kit dangerous? It makes phishing much more effective. Instead of tricking users into entering their login details, the Blackhole Exploit Kit instead simply redirects users to a page that automatically downloads malware like ZeuS.

Exploit kits are commercially available to cybercriminals who are willing to purchase or rent it. Other popular exploit kits are worth US$2,000–3,000 and costs US$3,000 per month to rent it out.8 Cybercriminals are continously investing in exploiting email for their malicious deeds.

8 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

Email-based threats are going to be a continuous problem.Email has been part and parcel of any business that uses the Internet – and what company nowadays doesn’t use email as part of their work process? SMBs should then acknowledge that the risk of email-based threats is very real, and should take measures to guard against such threats.

Some of the ways that email-based threats can wreak havoc in an SMB:

• Spam clogs the network and affects productivity once it enters the inbox. Malware can cause productivity slowdown due to the potential issues it may cause like drained financial resources and time and energy spent to mitigate infections.

• For organizations whose business involves storing sensitive customer information, a data breach resulting from an email-based spearphishing attack could potentially tarnish an organization’s reputation.

• Email-based threats can result in financial loss and intellectual property theft due to cyber espionage or advanced persistent threats (APTs).

Sour

ce: P

onem

on In

stit

ute,

20

12

WHAT YOU CAN DO TO HELP PROTECT YOUR SMALL BUSINESS FROM EMAIL THREATS

To help protect your company data from email threats and keep your employees productive, follow these tips and best practices:

• Create and apply measures regarding email volume. The high email volume takes its toll on IT resource. As 90% of inbound email is spam, keeping the volume down by deleting unwanted mail before it reaches your network makes perfect sense for a smaller business and will free up IT resources. Consider hosted email security solutions that provide antispam, antivirus, and antiphising protection for incoming email while putting into account how it should also streamline management.

• Enforce and enact policies regarding received spam. Create policies, processes and dos and don’ts on proper email handling. Train employees to regularly clean out their mailboxes in order to ease server or network stress.

• Educate yourself and your employees on common cybercriminal schemes. Update your employees on the difference between legitimate emails and possible malicious phishing emails. Educate on how to handle the latter.

• Take the threat of cybercrime seriously. Each antispam method or technology plays a role or function in defending against an attack. For more recent threats, some technologies offer detection and prevention against exploits.

• Proactively defend against email-based threats with a security solution. Trend Micro™ Hosted Email Security™ protects SMBs from email spam by preventing it from even getting into the company network. It stops the attack right before it has a chance to enact its malicious routines.

TREND MICRO INCORPORATED

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud secu-rity leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for busi-nesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge—from the Inter-net. They are supported by 1,000+ threat intelligence experts around the globe.

TRENDLABSSM

TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help custom-ers worldwide minimize damage, reduce costs, and ensure business continuity.

©2012 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.