Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How to Get Security Peace of Mind Against Advanced Email Threats

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more.

After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020. 

Specific to organizations, Business Email Compromise (BEC) is one of the most widely committed crimes by cybercriminals.The FBI's Internet Crime Complaint Center received 19,954 BEC/Email Account Compromise (EAC) complaints with adjusted losses of over $2.4 billion in 2021 alone. The number of complaints was about flat year-over-year, but losses increased by about $600 million, the FBI report stated.

The Advanced Email Threat Landscape

Email threats are becoming more advanced by the day – and organizations need to ensure their defenses can keep pace. Trustwave SpiderLabs recently discovered a ‘chameleon’ phishing email campaign that leads to a credential capture page.

What is unique about this campaign is that the malicious credential capture landing page uses the victim’s email address to change how the landing page looks.

If the victim has a Gmail account, it will use Google graphics and assets to make it look like they're logging back into Gmail. If the victim has an Outlook account, it will pull Microsoft graphics and assets to make the malicious page look like a genuine Microsoft page.

Email campaigns are also looking at distributing more malicious and stealthy malware. Trustwave SpiderLabs also recently discovered a new phishing campaign that injects info stealer Vidar malware.

The spyware is concealed in Microsoft Compiled HTML Help (CHM) files to avoid detection in email spam campaigns.

Vidar is Windows spyware and an information stealer available for purchase by cybercriminals. Vidar can harvest OS & user data, online service and cryptocurrency account credentials, and credit card information.

Trustwave MailMarshal protects against these latest advanced email threats.

How Organizations Can Fortify Email Security Defenses

Trustwave SpiderLabs Research Manager Phil Hay share some actionable advice for organizations looking to stay ahead of advanced email threats.

“The traditional approach of security in layers works really well,” says Phil. “Knowing what’s right for your environment, training your organization, testing new tools in parallel with your existing devices and software, and having a tool that can carry out a set policy is key.”

No single tool will completely protect you against email attacks - instead, an organization must have a strong process, good training, and tools to help ensure there’s defense across multiple levels.

Top Email Security Recommendations:

  • Enable Multi-Factor Authentication MFA/2FA on accounts wherever possible to invalidate credential account attacks. Microsoft found that 99% of compromised Microsoft accounts they observed did not have MFA.
  • Have a second form of verification and validation before changing bank details or sending payments over email
  • Provide annual security refreshers for the whole organization. Covering phishing and overall security awareness will teach employees what attacks they may individually face and give them a plan of action.
  • Use a secure email gateway (SEG), optimized for your organization.
  • Set a policy on how the organization will handle different file types that are sent over email.

The Right Tool for the Job

A proper Secure Email Gateway (SEG) is critical to your email security success. An SEG helps ensure malicious emails and spam don’t make your way into your network by quarantining and flagging problematic emails and email attachments. But every SEG is different--the right one must be flexible enough to work with the policy you set in place and have comprehensive visibility into your incoming email to get ahead of hackers trying to evade detection.

It’s also important for a SEG to be able to unpack or discover items that may be hidden in other files or attachments. For example, an SEG may block emails with certain .exes but may not see that those same files are embedded in an excel document, or zipped in an archive file format such as a .zip or .rar. A SEG also must be able to find and extract potentially malicious files in complicated office document formats, such as a macro within a Word document.

The Power of Trustwave MailMarshal: Battle-Tested Email Security Defender

Trustwave MailMarshal offers a sophisticated multi-layered approach to email security to reduce false positives and protect against spam, gateway attacks, viruses, phishing attempts, and malicious URLs embedded in an email. In addition, it provides complete email protection against phishing and business email compromise (BEC).

Trustwave MailMarshal contains a specialized BEC Engine to protect against advanced BEC attacks.

These capabilities are reflected in the fact that MailMarshal is:

  • Utilized by thousands of businesses ranging in size from SME to large Fortune 500 firms
  • Protects more than 3 million users in the public and private sectors via our on-premises edition, cloud, service provider partners, and Trustwave Managed Security Services
  • Enjoys an average client loyalty of 15 years

Microsoft 365 and Trustwave MailMarshal: Even Better Together

The best of all, combining the proprietary defense filters in Trustwave MailMarshal with the built-in security protections included in Microsoft 365 delivers even high levels of detection and extended protection in real-time. This action is accomplished by proactively detecting suspicious email, removing them from end user access and shielding well-intentioned end users from falling prey to known and targeted attacks.

In addition, Trustwave MailMarshal is the only email gateway that supports Microsoft Azure Information Protection (AIP) and Rights Management Services (RMS). Our solution can decrypt Azure RMS email for Microsoft 365 to enforce all outbound policy controls before re-encrypting and sending, thus eliminating security blind spots created by email encryption. MailMarshal can also enforce Azure RMS controls based on policy triggers even if the user forgets them.

Learn more about the power of Trustwave MailMarshal:

Email Security

Latest Trustwave Blogs

Understanding Your Network's Security Posture: Vulnerability Scans, Penetration Tests, and Beyond

Organizations of all sizes need to be proactive in identifying and mitigating vulnerabilities in their networks. To help organizations better understand the value and process of a vulnerability scan,...

Read More

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator’s Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the...

Read More

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of...

Read More