FireEye Email Security: New Performance and Advanced URL Defense Enhancements

Email remains the primary method used to initiate an advanced attack or deliver ransomware because it can be highly targeted and customized to increase the odds of the recipient interacting with it. While anti-spam filters and antivirus software are good at catching traditional, mass phishing threats with known malicious attachments, links and content, they cannot catch sophisticated and targeted spear phishing attacks designed to bypass these legacy solutions.

Secure email gateways have traditionally been the primary means of defending against email attacks. However, while they mitigate the threat posed by the majority of traditional spam and viruses, they have lacked the automated analysis needed to catch highly targeted zero-day and other dangerous threats presented by today’s advanced attackers. Instead, they rely on commodity anti-spam filters and antivirus software designed to react to new threats sent in large volumes. Response takes several minutes at best; polymorphic techniques delay detection and leave a global gap exploited by advanced cyber attacks. Unknown threats are missed or detected late. Furthermore, a firewall can’t examine the email traffic that delivers ransomware and spear phishing campaigns, because it is typically sent over Transport Layer Security (TLS) connections.

Ransomware, when introduced via email, is delivered through attachments such as compressed files, document files and HTML files, or through links (URLs) in the email message or document attachment. Attackers often get the user to execute the file or click on the link through social engineering techniques rather than by exploiting system vulnerabilities, such as the suggested exploit for the Petya ransomware attacks.

Now with the latest version of FireEye Email Security (EX Series), advanced URL defense enhancements further minimize the risk of ransomware and spear phishing attacks that begin with an email:

  • URLs are extracted from Microsoft Office documents, PDF and archive files (ZIP, ALZip, JAR) and other file types (uuencoded, HTML).
  • Dynamic analysis of downloaded executable files extends to obfuscated and redirect URLs.
  • URLs are evaluated for credential content to detect fraudulent, zero-day credential-phishing sites.

Riskware is a computer program, such as spyware or adware, that has the potential to be malicious but is typically a nuisance or has an undesirable effect on end users. Now, with this latest release, Email Security marks messages that are suspicious and analyzes them for riskware based on selected risk policies. Riskware categorization separates critical from non-critical alerts to prioritize response.

FireEye Email Security performance has also been enhanced. When EX Series appliances are under high traffic load, cloud bursting to a FireEye MVX Smart Grid enables better control of message delivery time and system performance. Sharing MVX Smart Grid capacity decreases total cost of ownership.

The latest release of Email Security also adds enhanced alert and quarantine management tools, giving administrators more control over messages and alerts, and the ability to perform bulk operations.