Email Security Systems Miss Thousands of Malicious Links (betanews.com) 45
A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems. From a report: Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected. The report also finds an 80 percent increase impersonation attacks in comparison to last quarters' figures. Additionally, 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.
i don't them...i was not expecting an attachment (Score:2)
Re: (Score:2)
And what's wrong with that? Heck, I even let my mail client filter those pesky HTML attachments through lynx if need be -- too many bastards put the contents as such an attachment instead of the mail's body.
No operating system would be insane enough to run executables this way, would it?
Re: (Score:2)
Re: (Score:2)
Those are the old fashion ones. The thing is a lot of "secure" emails require you to click the link on the email, go to a secure site and read the email from the site. Outlook does this, as well as other options.
This habit makes it easy to click on the link to see the secure email.
The real problem is Email isn't secure, it is too easy to fool and spoof. It was an idea of well intention idealist, expecting only small scale usage.
Re: (Score:1)
The only way to stop malicious people with links, is good people with links.
The Six Dumbest Ideas in Computer Security... (Score:4, Informative)
A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems
Of The Six Dumbest Ideas in Computer Security [ranum.com], this is a combination of 1 (on the part of the MUAs) and 2 (on the part of the scanners). So, no kidding.
Re: (Score:2)
We still live with these dumb ideas, and as time goes on, things evolve with no improvement in sight.
Constructive solutions, please? (Score:2)
Oh wait. This is Slashdot. Asking for constructive solutions? Talk about pissing into the wind.
I know y'all [typical Slashdot commenters] will find the notion hilarious (at best), but I actually think there are solution approaches. I'm just mystified why no one is approaching them, though I'd appreciate your guidance to existing solutions almost as much as your better ideas.
For example, to whit...
A lot of these problematic links could be quickly identified if the intended victims were asked to help. Or even
Re: (Score:2)
Been getting good ones for Office lately (Score:3)
We have started receiving some very high-quality Office365 "Your password is about to expire" notifications. They are super specific and somehow they know we use MS. As usual they are an exact copy of the real email (none of the usual grammar or spelling mistakes). The fact MS spam filtering doesn't flag these is troubling.
If it weren't for the "From: Microsoft Office365 (billybob3248@ustexasam.edu)" it would look totally legit. My big issue that is that Outlook normally hides some of this information - at times making it difficult to see the mail headers. Gmail is a bit better, but only when it gets flagged as spam, I like their "Caution - this looks like [fishing/spam/other]"
Only a select sub-group of employees receives these emails. It's very focused, and apparently not random. They pit specific employees against each other "hey Sally, I'm not in the office, please pay this bill, signed Bob" And both Sally and Bob are real people who work together. Sally isn't on LinkedIn - so their relationship, if guessed, was spectacularly a good guess. It amazes me where this information might be mined from.
Re: (Score:2)
One way we have seen is that phishers will send empty messages around holidays in order to harvest auto-response e-mails complete with user sigs.
This not only nets the user's title, but also confirms that they are out of the office. Which then allows for a more sneaky spear phishing attack.
Re: (Score:2)
Re: (Score:2)
yes but.... are these connections available to an outside source? Linked in knows this connection. Can an affiliate also see this, thus passing it off to spammers?
We've been thinking long, but not hard, on this issue.
Microsoft the company who made weblinks dangerous (Score:2)
Outlook. (Score:2)
I hate the ones in Outlook that change the links like: https://na01.safelinks.protect... [outlook.com]... Argh.