The global wind turbine energy infrastructure came under threat recently when wind energy giant Nordex was attacked by ransomware criminals. Nordex noticed the invasion early on and quickly released a statement, saying, “The intrusion was noted in an early stage and response measures initiated immediately in line with crisis management protocols. As a precautionary measure, the company decided to shut down IT systems across multiple locations and business units."
Quick Action Limits the Damage
By taking quick action, Nordex appears to have curbed some of the damage the attack could have caused. The company added, “Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure. There is no indication that the incident spread to any third-party assets or otherwise beyond Nordex’s internal IT infrastructure."
However, containing the attack required drastic measures: Nordex had to disable remote access to managed turbines to protect customers’ assets, which suggests those access systems could have been affected by the attack.
Email: The Attacker's Vector of Choice
While details of how the attackers gained a foothold in Nordex’s systems are still unclear, one of the prime suspects, as always, is email. This was the same vector used in a recent attack on digital marketing firm Mailchimp. The attackers leveraged sensitive information inside Mailchimp to target users of Trezor cryptocurrency wallets, which are hardware units that store users’ crypto. Using email addresses stolen from Mailchimp’s system, the attackers told Trezor users that their wallets had been compromised by a breach. Users then submitted their wallet credentials, enabling the attackers to steal their digital currency.
Email-based attacks dramatically underscore the need to bolster defenses against what has become an increasingly potent attack vector. Users trust their email systems, and often the messages they get, making them fertile ground for attackers looking to launch ransomware, phishing, and other types of assaults.
The Most Common Email Threats
There are four common ways email can pose a serious threat to your organization:
Ransomware spread through spam
Business email compromise (BEC)
Scammers spoofing your domain externally
Office 365 account takeover through credential phishing
Ransomware Spread Through Spam
The potency of spam lies in how easily it can camouflage ransomware and other malware. Some spam seems relatively innocent while other messages are more obviously threatening. Unfortunately, the sheer volume of spam disguises the fact that a lot of it carries serious threats, such as ransomware.
By clicking a link in an apparently harmless spam message, a user can instantly download ransomware that disables their own system or cripples others attached to the same network. Malware, including ransomware, has to be downloaded and executed before it can act on a computer, and a single click can be enough to trigger it, so attackers embed malicious links or attachments in thousands of emails sent to potential victims.
Business Email Compromise (BEC)
BEC involves an attacker obtaining the business email credentials of one or more users and then using them to steal information or send malware. The U.S. Department of Justice (DOJ) recently charged a cybercriminal who allegedly got away with $100 million using the business email credentials of someone in an organization. This attack method often works because recipients believe the email is coming from a legitimate user.
Scammers Spoofing Your Domain Externally
Scammers can also use inbound domain spoofing to make it look like an email is coming from within a trusted organization. Email security provider Proofpoint recommends using an inbound domain spoofing rule to prevent these kinds of emails. This quarantines inbound messages that look like they’re coming from your organization but may really be coming from an attacker. In this way, you can further investigate any email that wasn’t generated internally.
Office 365 Account Takeover Through Credential Phishing
Even though Office 365 gives users access to a broad suite of powerful tools, it is also a prime target of attackers. Once they gain access to your system, they can interface with a wide variety of users, as well as sensitive documents and data. Palo Alto Networks outlines a multi-tier prevention system that uses a combination of user awareness and security technologies in the network layer—within your firewalls—to prevent or limit the impact of attacks.
How to Build an Effective Email Security Architecture
Building an effective email security architecture is a two-pronged process: (1) you have to simultaneously arm users with the knowledge and techniques they need to identify and defend against attacks, and (2) you have to ensure you have the security technologies in place to prevent attacks altogether.
Some of the tools you can use are:
A Secure Email Gateway
A secure email gateway (SEG) monitors emails entering and exiting your system. Designed to block malicious emails and deliver legitimate ones, it can detect messages containing malware, unwanted spam, or malicious links sent to carry out fraud.
Integrated Email Security Solutions
An integrated email security solution (IESS) monitors the risks your organization faces from email. It typically includes machine learning-based detection systems that learn email profiles indicating safe behavior, as well as thousands more that may indicate a threat. It then compares the contents of the emails you receive against databases of safe and unsafe messages, making it easier to spot threats.
Email Authentication
Email authentication is the process of verifying the origin of an email. Often, attackers send emails from fake addresses that appear, at first glance, to be legitimate. When an unsuspecting user clicks a link, their system gets infected with malware or they are taken to a fake site that steals their information.
With email authentication, you stay one step ahead of email attacks because fraudulent emails get blocked before they even reach users’ inboxes. This removes an aspect of the “human judgment” variable, which attackers love to exploit.
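The inbound domain-spoofing rule described under "Scammers Spoofing Your Domain Externally" and the origin check described here can be combined in one gateway decision. The following is an added example, not code from this page or from Proofpoint or any other vendor; the domain, relay host and authserv-id are assumed placeholders, and the sample messages are constructed. Messages whose From: claims our domain are delivered only if they came from an internal relay or our own gateway stamped a DMARC pass:

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                       # assumed organization domain
OUR_AUTHSERV_ID = "mx.example.com"               # assumed authserv-id of our gateway (RFC 8601)
INTERNAL_RELAYS = {"mail.internal.example.com"}  # assumed trusted internal relay hosts

def from_domain(msg):
    """Domain of the From: address, which is what the recipient sees and trusts."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def gateway_auth_results(msg):
    """spf/dkim/dmarc verdicts, taken only from Authentication-Results headers stamped
    by our own gateway; a header with a foreign authserv-id may have been forged by the sender."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        if hdr.split(";", 1)[0].strip().lower() != OUR_AUTHSERV_ID:
            continue
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts

def delivering_host(msg):
    """Host named in the topmost Received: header. Our own MTA added that one; any
    Received: line below it arrived with the message and can be fabricated."""
    received = msg.get_all("Received", [])
    m = re.search(r"\bfrom\s+([\w.-]+)", received[0]) if received else None
    return m.group(1).lower() if m else ""

def classify(raw_message):
    """Return 'deliver' or 'quarantine' for one inbound message."""
    msg = message_from_string(raw_message)
    if from_domain(msg) != OUR_DOMAIN:
        return "deliver"      # does not claim our domain; other rules apply
    if delivering_host(msg) in INTERNAL_RELAYS:
        return "deliver"      # genuinely internal mail
    if gateway_auth_results(msg).get("dmarc") == "pass":
        return "deliver"      # our domain used legitimately, e.g. by an authorised SaaS sender
    return "quarantine"       # claims to be us, came from outside, and is unauthenticated

# Constructed sample messages (not real traffic).
SPOOFED = ("Received: from evil-relay.example.net (203.0.113.7)\n"
           "From: CFO <cfo@example.com>\nSubject: urgent wire\n\nPay now.")
INTERNAL = ("Received: from mail.internal.example.com (10.0.0.5)\n"
            "From: CFO <cfo@example.com>\nSubject: lunch\n\nNoon?")
```

Quarantined messages still reach an analyst, so the rule supports the investigation step the text describes rather than silently dropping mail.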
Endpoint Security
Endpoint security can detect and block unauthorized users who have gained access to the credentials of someone in your organization. For example, if an attacker manages to steal the email address and password of someone in the C-suite, they could use it to send emails asking for business credit card information or other sensitive data.
However, in most cases, they would have to do this from their own device—one that your endpoint security system can detect. Once the system spots the anomalous device, it can prevent the user from logging in to the email system even though they have the credentials to do so.
Reassessing Your Email Security Architecture to Prevent Phishing Attacks
Regardless of the size of your organization, it has valuable data, and hackers love to try to gain access to it through email-based attacks.
In some cases, a company's data is simply login credentials that can be used to launch other kinds of attacks in the future. In other situations, an attacker exploits secrets to either embarrass or blackmail a company into submission. But by reassessing your email security, you cut hackers off at the pass, eliminating one of the most common attack methods used today.
How to Leverage the Human Component
To build an improved security architecture, you need to get buy-in at the highest levels first. Then, with upper management's support, you can begin educating employees regarding what to look out for. This is the human component of an enhanced security architecture. With human awareness as your foundation, you can then build a technological system that protects users and the information they have access to.
However, don’t simply look at your current email security tools and say, “Well, these should be able to prevent X, Y, and Z attacks.” It’s better to question each tool you already have, perform a critical evaluation, and actively look for new technologies and services that enable a stronger stance against attackers.
Examples of email security solutions that are known to stop threats dead in their tracks include:
Take Control of Your Email Security to Protect Your Organization
Despite some of the more recent successful attacks against companies like Mailchimp, Trezor, and Nordex, your organization doesn’t have to be the next victim. By proactively reassessing your email security architecture and implementing the latest tools, you can shrink your attack surface significantly and prevent users from being taken advantage of by hackers.