Email Authentication Helps Governments and Private Companies Fight Ransomware


Do you think your organization is well protected against a ransomware attack? Think again. Ransomware attacks seem abstract, sent by nameless and faceless cybercriminals to find and exploit security vulnerabilities. These attacks are not new. More than 30 years ago, in 1989, cybercriminals published the AIDS Trojan — PC Cyborg Virus — via floppy disk. To restore their systems, victims had to send $189 to a post office box in Panama. Once cryptocurrencies like Bitcoin arrived in 2010, cybercriminals started monetizing ransomware even more.

The money involved has increased dramatically as technology has evolved and data has grown from bits and bytes to zettabytes and yottabytes, with damages ranging from thousands to millions of dollars. Targets can include individuals but also schools, universities, healthcare facilities and even entire cities. A report says that in 2019, cybercriminals targeted at least 2,354 U.S. organizations, including:

  • 113 federal, state and municipal governments and agencies
  • 560 health establishments
  • 1,681 schools, colleges and universities

While the average ransomware attack costs $8.1 million and takes 287 days to recover from, 2020’s 113 attacks against government entities cost $915 million. The attacks have been automated, making it all too easy, and profitable, for cybercriminals to hack into a business of any size. Email appeals to attackers as a ransomware delivery channel because it is easy to use and supports a variety of tricks and hijacking techniques to lock down computers and data or to infiltrate and infect networks.

Last spring, for example, DarkSide, a criminal group based in Eastern Europe, used ransomware to target Colonial Pipeline. It was the largest known hack on America’s energy infrastructure – ever. The company shut down its 5,500 miles of pipeline, which carry almost half of the fuel for the East Coast. Panic buying of gas began. Prices skyrocketed over the weekend. The company paid its attackers close to $5 million in ransom. And that’s just one of a series of ransomware attacks targeting US infrastructure.

Because America’s infrastructure was built long before online networks existed, it is vulnerable to attack, even as more organizations go digital and more data lives in cyberspace.

One of the most effective ways for cybercriminals to execute ransomware attacks? Email. Malicious actors are constantly adapting to counter the defenses against their actions, automating their attacks to target organizations of all sizes. Hackers frequently gain access to corporate systems through phishing attacks: emails sent with the intent of tricking employees into clicking on attachments or links that contain malicious code (ransomware), or into unwittingly giving attackers access to protected systems, where they then inject the ransomware. Even cybercriminals planning to compromise a system often start with a social engineering email.

Email: handle with care

Malicious computer code – used to block organizations’ access to their own networks and extort ransom – is one of the most common forms of malware. Once they control the network, cybercriminals set a payment deadline. If the targeted company refuses, hackers can publicly share sensitive information, sell data or lock the organization out of its own network.

Given that email delivers 96% of all social engineering attacks, email authentication provides the best first-line defense against ransomware attacks. Hackers frequently gain access to corporate systems through phishing attacks: emails sent to trick employees into clicking on attachments or links that contain malicious code. According to a study by the APWG, software as a service (SaaS) and webmail users make up the largest phishing category at 34.7%. Business Email Compromise (BEC) attacks sent from free webmail providers skyrocketed from 61% to 72%. More than half of these attacks used Gmail.

Step up the fight against ransomware

Before DMARC (Domain-based Message Authentication, Reporting and Conformance), only DKIM and SPF email authentication protocols existed. A serious problem with these protocols? They lacked a publicly stated policy and a feedback mechanism. No one knew – or could tell – whether DKIM or SPF worked or what the recipient could (and should) do with the results.

By implementing DMARC as an email authentication protocol, organizations add another layer of protection to combat the high percentage of phishing attacks originating from a fake sender. Designed to allow email domain owners to protect their own domains from unauthorized use, this critical layer – often missing from more traditional email content filtering through artificial intelligence (AI) or machine learning (ML) – prevents cyber attackers from using those domains for business email compromise attacks, email/phishing scams and other cyber threats.

DMARC and its records prevent criminals from impersonating trusted parties to carry out phishing or other fraudulent email campaigns. They also prevent spammers from piggybacking on a company’s hard-earned email reputation, which hurts both the brand and its deliverability rates. A lack of authentication creates confusion and opacity about who can send emails. Layering email authentication with AI or ML analysis can authoritatively reject fake senders. Authentication, via DMARC, grants email senders permission to send emails and returns global control to brands.
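The two things the section above says DMARC adds on top of SPF and DKIM, a published policy and a feedback mechanism, are both visible in a domain's DMARC TXT record. The following is an added example, not code from the article or from any vendor: a small auditor that parses a record and reports why it does or does not amount to enforcement. Tag names follow RFC 7489; the sample records and the `example.com` reporting address are constructed.

```python
# Added example: audit a DMARC TXT record for a published policy (p=)
# and a feedback channel (rua=). Sample records below are constructed.

def parse_dmarc(txt):
    """Split a DMARC TXT record into {tag: value}; None if it is not DMARC."""
    pairs = [part.strip() for part in txt.split(";") if part.strip()]
    # RFC 7489: the version tag must be the first tag in the record.
    if not pairs or pairs[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if sep:  # skip malformed fragments that have no "="
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def audit_dmarc(txt):
    """Return a list of findings; an empty list means enforced with reporting."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no valid DMARC record: receivers have no policy to apply"]
    findings = []
    policy = tags.get("p", "").lower()
    enforcing = policy in ("quarantine", "reject")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: receivers are asked to take no action")
    # sp= overrides the policy for subdomains; it defaults to p=.
    if enforcing and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are left unprotected")
    pct = tags.get("pct", "100")
    if enforcing and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: only part of failing mail gets the full policy")
    if not tags.get("rua"):
        findings.append("no rua= address: no aggregate reports come back")
    return findings


SAMPLES = {  # constructed records for hypothetical domains
    "monitor-only": "v=DMARC1; p=none",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "enforced": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, "->", audit_dmarc(record) or "enforced with reporting")
```

A record that returns no findings publishes an enforcing policy for the domain and its subdomains and names an address for aggregate reports, which is what lets a domain owner see who is sending mail in its name.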

Take a proactive approach to cyberattacks

The world continues to become even more confusing and complex. As more companies outsource their systems and more and more employees work remotely, criminals have also started to automate their attacks. These attacks will become more widespread and will hit a wider and wider set of targets of all sizes. Small businesses will not be able to fly under the radar as they have in the past. Authentication brings order and clarity by specifying who can do what with a company’s domain and email.

Organizations have many strategies to protect sensitive data. The first step is to educate their employees and raise awareness. Other smart processes include:

  • Implement strict password requirements.
  • Back up data regularly and test these backups to ensure that they can be restored successfully.
  • Implement Multi-Factor Authentication (MFA) to reduce or eliminate the possibility of someone stealing login credentials. Use MFA for every entry point into your organization’s infrastructure, such as a combination of your VPN and identity provider.
  • Inventory and secure all privileged accounts, granting employees local administrator rights only when needed (not by default).
  • Patch devices regularly, prioritizing external devices like VPNs. Shorten the interval between patches for software and operating systems, because monthly patch cycles aren’t enough to counter rapid attacks.

The government spends 80% of its annual IT budget on the operation and maintenance of existing IT systems, leaving little money to invest in emerging technologies. This summer, the Biden administration announced plans to step up efforts to disrupt ransomware campaigns. A State Department program will offer rewards of up to $10 million for information that helps arrest and punish cybercriminals who target vital US infrastructure and hold it for ransom.

The first line of defense against ransomware is email authentication. When properly implemented, DMARC provides an efficient and cost-effective layer for determining email authenticity. Enforcing email authentication protects a company’s domain against inbound and global phishing abuse, provides visibility and control over the email services employed by the company, and helps protect the brand as a whole against reputational and financial damage caused by fraud.

Over 850,000 domains publish DMARC records, and its adoption continues to grow exponentially. Billions of global inboxes support the DMARC standard, including all hosted by Google, Microsoft, Yahoo, AOL, and other major email service providers. It is high time to prioritize modernization of workforce and technology by incorporating DMARC solutions, email authentication and data encryption to prevent phishing/ransomware attacks.

Author Alexander García-Tobar is the CEO and co-founder of Valimail. He was CEO of two previous companies and led global sales teams for three companies that went public. Alexander has held analyst and executive positions at leading research firms, such as The Boston Consulting Group and Forrester Research, as well as Silicon Valley startups, such as ValiCert, Sygate, and SyncTV.

