The Moore You Know – Email Threats

With Kim Moore – Senior Security Consultant

Email remains the primary attack vector for cybercriminals, and in 2024, email-based threats were more sophisticated than ever. From Business Email Compromise (BEC) to ransomware-laden phishing attacks, organizations must take proactive steps to secure their communications.

Additionally, as collaboration tools like Microsoft Teams, Slack, and Google Drive become central to business operations and communication, securing these platforms alongside email security is critical.

Let's explore some of the most pressing email security threats in 2024 and how solutions like Mimecast help mitigate the risks.

Business Email Compromise (BEC)
BEC attacks involve cybercriminals impersonating executives, vendors, or business partners to trick employees into transferring money or sharing sensitive information. These attacks often bypass traditional security defences because they rely on social engineering rather than malware: they are normally payload-less, which can make them hard to detect. Interestingly, Gmail was used for the vast majority of BEC attacks in 2024.

In today’s threat landscape, email security alone is not enough. Organizations must implement a comprehensive security approach that combines email protection with DMARC, DKIM, and SPF authentication, alongside AI and machine learning-driven defences. These technologies work together to detect, prevent, and mitigate sophisticated attacks before they cause damage.

Phishing and Spear Phishing Attacks
Phishing attacks were another top threat in 2024, especially in the form of spear phishing. Phishing attacks use deceptive emails to steal credentials, distribute malware, or commit fraud. Spear phishing takes it a step further by targeting specific individuals using personalized information. This information can be taken from social media platforms like Facebook and LinkedIn or from public databases. Although not directly related to spear phishing, social media platforms and other apps that are commonly used to share personal information are also used maliciously against individuals. One notable example of this is when Strava data from military personnel unknowingly revealed the locations of secret military bases. In 2018, Strava's Global Heatmap, which visualizes user activity worldwide, exposed the running and biking routes of soldiers at military bases, some of which were classified.

By combining defences like URL and attachment sandboxing to block malicious links and downloads coupled with Human Risk Management to educate employees on phishing tactics beyond simple simulations, organizations can significantly strengthen their defences against these cyberthreats that continue to be a concern as we head into 2025.

Ransomware via Email
The ransomware threat continues to evolve and is still as disruptive as it has ever been since the first documented use of ransomware in 1989 with the "AIDS Trojan" virus, which was distributed on floppy disks at a World Health Organization AIDS conference. Ransomware attacks are often delivered through phishing emails containing malicious attachments or links. Once executed, ransomware encrypts files and demands payment for their release. Ransomware can be effectively stopped by leveraging advanced threat protection to block malicious attachments and scan URLs in real time, while robust backup and disaster recovery plans ensure organizations can restore data without paying a ransom.

Supply Chain Attacks
Cybercriminals target vendors or third-party services used by a company to gain access to sensitive information or internal networks. These attacks continue to rise due to the increasing reliance on external suppliers and cloud-based services. Attackers exploit vulnerabilities in supply chains to infiltrate larger organizations, often bypassing traditional security measures by compromising trusted partners. In 2023, a threat actor known as 'USDoD' compromised an employee account at Turkish Airlines, one of Airbus's customers, using the Redline info-stealer malware.

Email authentication protocols (DMARC, DKIM, SPF) prevent spoofed emails from trusted vendors, while vendors like Mimecast use threat intelligence feeds to help identify compromised suppliers before they can cause harm. It is also vital to have strict access controls in place where verification is enforced before acting on financial or data requests.
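The two paragraphs above name DMARC, DKIM and SPF as the controls that stop spoofed mail from trusted vendors. As an added example that is not from the original post or from Mimecast, the following simplified DMARC evaluation shows why a vendor's policy choice matters: it parses the vendor's DMARC record, applies identifier alignment to a constructed payload-less BEC message (the "From" header claims the vendor, but SPF only passes for the sender's own mail domain and there is no DKIM signature), and returns the disposition. The domains, record strings and the two-label organizational-domain rule are assumptions for illustration; real receivers fetch the record over DNS and run full SPF/DKIM verification.

```python
from email.utils import parseaddr
from typing import Optional

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; adkim=s') into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # DKIM alignment defaults to relaxed
    tags.setdefault("aspf", "r")   # SPF alignment defaults to relaxed
    return tags

def from_header_domain(from_header: str) -> str:
    """Domain of the RFC5322.From address, ignoring any display name."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower()

def org_domain(domain: str) -> str:
    # Assumption: the last two labels form the organizational domain
    # (a real implementation consults the Public Suffix List).
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record: str, from_header: str,
                      spf_pass_domain: Optional[str],
                      dkim_pass_domain: Optional[str]) -> str:
    """Return 'pass' or the vendor's requested action (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    from_domain = from_header_domain(from_header)
    spf_ok = aligned(from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = aligned(from_domain, dkim_pass_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed BEC-style message: display name and address claim the vendor,
# SPF passes only for the sender's own domain, no DKIM signature present.
SPOOFED_FROM = '"Accounts Payable" <finance@vendor.example>'
WEAK_RECORD = "v=DMARC1; p=none"      # monitoring only: mail is still delivered
STRONG_RECORD = "v=DMARC1; p=reject"  # receivers are asked to reject failures
```

Running `dmarc_disposition(WEAK_RECORD, SPOOFED_FROM, "mailer.other.example", None)` yields "none", while the same message under STRONG_RECORD yields "reject"; a legitimate message relayed via "mail.vendor.example" passes under relaxed alignment.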

Data Loss from Insider Threats
Employees, whether malicious or careless, can leak sensitive data via email or cloud collaboration tools such as Google Drive or Microsoft OneDrive. Data loss from insider threats in cloud communication channels occurs when individuals within an organization, such as employees or contractors, intentionally or unintentionally misuse their access to sensitive information. These individuals may exploit cloud-based tools and communication channels (like email, file sharing, or messaging platforms) to leak, steal, or destroy data. Ultimately, insider threats in cloud communication channels happen when there is a combination of excessive trust, poor access management, and insufficient safeguards to prevent or detect misuse of sensitive data. To combat this, Data Loss Prevention (DLP) tools are now essential. DLP tools enforce policies that block unauthorized sharing of sensitive data, while Insider Risk Management platforms detect suspicious file movements to external accounts or unauthorized cloud services, and encryption along with access restrictions ensures that data is only accessible by authorized personnel.

Cloud Collaboration Tool Exploits
As we have just discussed, cybercriminals are increasingly targeting Microsoft Teams, Slack, and other cloud collaboration tools to distribute malware, conduct phishing attacks, or access sensitive company information. This was somewhat fuelled by the pandemic, when the world turned to cloud communication, and since then its use has been on the rise year after year. One of the biggest security challenges companies face in cloud environments is a lack of visibility. This issue stems from both the nature of cloud architecture and the complexity of many organizations' expanding cloud deployments. Tools like Mimecast's Incydr provide visibility into what data is being shared and where by monitoring file movements across cloud and email platforms. It is also important to have access control policies in place to prevent unauthorized data sharing within and outside the organization, and Multi-Factor Authentication (MFA) adds an extra layer of security against unauthorized logins.

Conclusion
As email threats continue to evolve in 2024, businesses must adopt a multi-layered approach to security that covers email, collaboration tools, and data loss prevention. Solutions like Mimecast provide advanced threat protection, real-time threat intelligence, and insider risk management to help organizations stay secure.
By leveraging AI-powered threat detection, DLP controls, and employee risk management, businesses can mitigate email and collaboration-based cyber risks and protect their most valuable assets.

Get In Contact:
Email: kmoore@exclusive-networks.com
Phone: +44 (0)7931 539 951