Email Security Monthly Review – July 2021
Our Email Security Monthly Review aims to cover all major developments and news in the email security world that occurred in the previous month, as well as EasyDMARC updates and announcements.
◊ Gmail’s brand new authenticated logo security feature is here!
Google has announced that the new security feature it first revealed in July, which authenticates brand logos, will be rolling out over the next couple of weeks. Enabled by the Brand Indicators for Message Identification (BIMI) standard, this new feature can be likened to the verified badge commonly seen on social media networks.
The aim of this security feature is to reduce the probability of Gmail users opening and acting upon emails that falsely appear to be from a legitimate source. This is achieved by showing recipients the sender organization’s logo when an email that has been authenticated using the DMARC standard arrives.
The inclusion of organizations’ logos should ideally assure users that the email is from the organization the sender claims to represent. Gmail users won’t have to do anything to be able to view these organizational logos, but there is a process that organizations will need to follow if they would like their logos to be displayed in the existing avatar slot. Organizations must authenticate their emails using Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), deploy DMARC, and provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC).
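As an added illustration of the prerequisites described above (this is not code from the original post, nor from Google or EasyDMARC), the following script checks whether a domain's published DNS records are ready for BIMI: a DMARC record at an enforcement policy and a well-formed BIMI record pointing to an HTTPS-hosted SVG logo and a VMC. The DNS records and domain names below are constructed samples looked up from an in-memory table rather than live DNS, and the rule set (enforcement means `p=reject`, or `p=quarantine` with `pct=100`; Gmail needs a VMC in the `a=` tag) reflects the BIMI requirements as generally published, so treat the exact messages as this example's own choices.

```python
"""Check whether a domain's DNS records meet the prerequisites for a BIMI logo:
an enforced DMARC policy plus a well-formed BIMI record.  Added example, not
code from the original post; sample records and domain names are constructed."""
from urllib.parse import urlparse

# Constructed sample TXT records, keyed by the DNS name they would be published at.
SAMPLE_DNS = {
    "_dmarc.good.example": "v=DMARC1; p=reject; rua=mailto:dmarc@good.example",
    "default._bimi.good.example": "v=BIMI1; l=https://good.example/logo.svg; a=https://good.example/vmc.pem",
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "default._bimi.weak.example": "v=BIMI1; l=https://weak.example/logo.svg;",
    "_dmarc.partial.example": "v=DMARC1; p=quarantine; pct=50",
    "default._bimi.partial.example": "v=BIMI1; l=http://partial.example/logo.svg",
}


def parse_tags(record):
    """Split a 'k=v; k=v' TXT record into an ordered list of (key, value) pairs."""
    tags = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags.append((key.strip().lower(), value.strip()))
    return tags


def check_dmarc(record):
    """Return the problems that would stop a receiver from treating DMARC as enforced."""
    tags = parse_tags(record)
    if not tags or tags[0] != ("v", "DMARC1"):
        return ["DMARC record must start with v=DMARC1"]
    t = dict(tags)
    problems = []
    policy = t.get("p", "")
    if policy not in ("quarantine", "reject"):
        problems.append(f"p={policy or '(missing)'} is not an enforcement policy")
    if policy == "quarantine" and t.get("pct", "100") != "100":
        problems.append(f"pct={t['pct']} means only part of the mail is enforced")
    if t.get("sp") == "none":
        problems.append("sp=none leaves subdomains unprotected")
    return problems


def check_bimi(record):
    """Return the problems found in a BIMI record (logo URL and VMC URL tags)."""
    tags = parse_tags(record)
    if not tags or tags[0] != ("v", "BIMI1"):
        return ["BIMI record must start with v=BIMI1"]
    t = dict(tags)
    problems = []
    logo = t.get("l")
    if logo is None:
        problems.append("l= tag (logo URL) is missing")
    elif logo == "":
        problems.append("empty l= tag means the domain declines to participate in BIMI")
    else:
        u = urlparse(logo)
        if u.scheme != "https":
            problems.append("logo URL must use https")
        if not u.path.lower().endswith(".svg"):
            problems.append("logo must be an SVG file")
    vmc = t.get("a", "")
    if not vmc:
        problems.append("no a= tag: without a Verified Mark Certificate Gmail will not show the logo")
    elif urlparse(vmc).scheme != "https":
        problems.append("VMC (a=) URL must use https")
    return problems


def bimi_readiness(domain, dns=SAMPLE_DNS):
    """Combine both checks for one domain; lookups use the constructed table, not live DNS."""
    dmarc = dns.get(f"_dmarc.{domain}")
    bimi = dns.get(f"default._bimi.{domain}")
    report = {
        "dmarc": check_dmarc(dmarc) if dmarc else ["no DMARC record published"],
        "bimi": check_bimi(bimi) if bimi else ["no BIMI record published"],
    }
    report["ready"] = not (report["dmarc"] or report["bimi"])
    return report


if __name__ == "__main__":
    for d in ("good.example", "weak.example", "partial.example"):
        print(d, bimi_readiness(d))
```

To run it against a real domain, replace the `SAMPLE_DNS` lookup with a TXT query (for example via `dnspython`) for `_dmarc.<domain>` and `default._bimi.<domain>`; the parsing and policy checks stay the same.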
◊ EasyDMARC customers are in for a treat
The global email security software firm announces major platform upgrades
EasyDMARC’s new platform upgrades allow for instant XML reporting and AI-based anomaly detection alerts. The global email security software company is now able to provide the guidance customers need to reach a DMARC policy state that blocks phishing attempts.
EasyDMARC gives users the visibility and control to act on cyberattacks that involve spoofed email techniques by combining anomaly detection alerts with DMARC’s defense mechanism that rejects unauthenticated sources. Customers are able to manage critical email security standards all in one place with their existing BIMI implementation tools and SPF solutions such as EasySPF.
Commenting on the new platform upgrades, EasyDMARC CEO and Co-Founder Gerasim Hovhannisyan said: “The benefits are immediately realized, particularly for our customers. This also solidifies our leadership position in the DMARC space and paves the way for new features that combine our speed with Artificial Intelligence.”
◊ Global cyberattack volumes surge to triple digits
Accenture Security’s report
Accenture Security’s latest global incident response analysis attributes the triple-digit increase in intrusion volumes to three main trends: no slowdown in cyberattacks, a disproportionate impact on certain industries and geographies, and high levels of ransomware and extortion.
Global cyberattack incidents continued on an upward trajectory during the first six months of the year. The impact of these cyberattacks was felt by almost every industry and geography. A rise in global web shell activity by nation-state and cybercrime actors, targeted ransomware and extortion operations, and supply chain intrusions has been identified as the primary catalyst for the triple-digit increase.
More than 60% of the total intrusion volume was felt by just 5 industries – Consumer Goods and Services, Industrial, Banking, Travel and Hospitality, and Insurance. One region in particular, the USA, was the most impacted geography. Awareness of which industries and geographies are most affected, combined with sound threat intelligence, helps counter determined threats.
The highest ranking malware category was ransomware and extortion operations. This second-highest incident type appears to be targeted at victims with annual recurring revenue of US$1bn+, with 85% of ransomware and extortion victims fitting the brief. This strongly indicates “big game hunting”. Some of the names featured in the top 5 ransomware variants list were also observed, with REvil/Sodinokibi ranking at the top of the list. It also appears that the threat group using Hades has been active throughout the first six months of the year.
◊ Microsoft Exchange email server hack
EU and US claim that China is to be blamed for
Following initial claims by private sector groups that Chinese cyber spies were responsible for the hacking of the Microsoft Exchange email server, both the EU and US have also attributed the attack to China.
First identified in January, the hack compromised thousands of computers across the globe. According to the EU’s High Representative for Foreign Affairs and Security Policy Josep Borrell, the attack was carried out “from the territory of China for the purpose of intellectual property theft and espionage”. Mr Borrell also stated that the hack was traced back to Advanced Persistent Threat 40 (APT40) and Advanced Persistent Threat 31 (APT31).
When asked about the Microsoft Exchange hack, a spokesperson for the Chinese Foreign Ministry said that the country “firmly opposes and combats cyber attacks and cyber theft in all forms” and that blame cannot be attributed based on “groundless accusations.”
◊ Cybercriminals bypass Milanote’s secure email gateways to prey on creatives
According to researchers, the Milanote app has been made aware of cybercriminals using its platform as a playground for phishing attempts. Analysis by Avanan indicates that these cyberattackers conduct their credential-stealing campaigns and email hacking by targeting their victims with a simple email with the subject line “Invoice for Project Proposal”.
The CEO and co-founder of Avanan, Gil Friedrich, says that collaboration platforms provide easy access to cybercriminals to spread malicious links. The increase in the usage of collaboration platforms widens the potential target list for hackers.
◊ UC San Diego Health reveals data breach
Staff email accounts were compromised
UC San Diego Health has confirmed in a data breach notification that unauthorized access likely took place between December 2020 and April 2021. Patient data such as names, addresses and Social Security numbers may have been accessed by the unknown hackers. Other healthcare-related data such as laboratory results and records of medical diagnoses could also have been acquired.
UC San Diego Health has revoked access to the compromised staff email accounts and is in the process of conducting a review of the breach.
◊ Chipotle falls victim to phishing scam
Chipotle’s marketing email gets hacked
A marketing email account linked to Chipotle has been used by hackers to send phishing emails. Inky, a cybersecurity firm, has said that Chipotle’s Mailgun email account was also compromised earlier this year and 121 phishing emails were sent as part of the attack. Researchers have claimed that the majority of the emails impersonated Microsoft.
◊ British national accused of hacking Twitter accounts of Bill Gates, Barack Obama and hundreds more
US officials have announced that Joseph O’Connor has been arrested on a warrant pertaining to the hacking of more than 130 Twitter accounts belonging to politicians, business leaders and celebrities. Some of the victims include Bill Gates, Barack Obama and Joe Biden. The hack, which took place last year, has been linked to a cryptocurrency scheme.