Chris Crellin is the Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.
Barracuda MSP is the MSP-dedicated business unit of Barracuda Networks. Our mission is to drive the success of our IT service provider partners, delivering industry-leading security and data protection via a purpose-built MSP platform, steadfast commitment to partner success, and a wealth of channel expertise.
According to Barracuda’s recent Email Security Trends special report, 87 percent of security professionals reported that their company faced an attempted email-based attack in the past year, and more than one-third had experienced a ransomware attack.
When these attacks occur, they interrupt employee productivity and divert IT resources from other projects to deal with the attacks. They can also cause monetary losses and damage the company’s reputation, and hackers can walk away with a wide variety of intellectual property and sensitive information. Ransomware is another big concern. According to the survey, 75 percent of ransomware attacks originated with an email.
Among the most common types of attacks and security issues that MSPs are likely to encounter when working with clients, here are the top three threats:
1) Phishing/Spear Phishing:
Phishing is by far the most common type of email-based attack. A traditional phishing attack involves sending malicious emails to large numbers of people. The messages usually attempt to get users to open an attachment or click on a link that will send them to a spoofed website. They rely on social engineering, appearing to direct victims to update their security settings or claiming that their email or other online services are about to be shut down or are otherwise at risk. If successful, the attackers can infect the computer or network with malicious code, or harvest usernames and passwords from their fake websites.
Spear phishing, on the other hand, is a more targeted attack against a specific person or a handful of individuals. These attacks involve researching the victims via social media and other outlets, which allows them to create an even more believable message that appears to come from a trusted source. While more challenging to launch, these attacks are usually more successful. (Another variation known as whaling is a spear phishing attack against a high-ranking executive, like a CEO).
2) Business Email Compromise or Account Takeover:
According to Osterman Research, in the past 12 months 44 percent of organizations were victims of a targeted email attack launched from a compromised account. An account takeover (ATO) attack involves a criminal getting access to a trusted email account and using it to launch subsequent phishing or ransomware attacks.
These attacks are doubly dangerous because they can be highly successful and are also difficult to detect because they come from an otherwise legitimate account. Attackers usually gain access to an account via phishing or malware, or they purchase credentials.
In those cases, phishing emails are often used to get scripts onto users’ computers. For cryptomining that is embedded in a website, ad blocking software can sometimes be effective. Some endpoint solutions also protect against these scripts, and corporate network monitoring tools can also uncover cryptojacking activity.
While email-borne attacks are on the rise, the most common problems can be prevented or identified early through a combination of training, monitoring, and end-to-end security. MSPs that take a comprehensive approach can best protect their clients’ email systems — and their network and devices — from the nefarious threats mentioned above.