CybersecAsia finds out by connecting with a pioneer in the country’s communications sector.
Back in the late ‘90s, the Internet boom in India had made electronic mail (as it was commonly called back then) a fast and effective communications medium to bypass the geographical limitations of ‘snail mail’. Email threats were unheard of then.
Fast forward to 2021. Email security is a common issue across the country now, with several attacks being reported frequently. One pioneer email solutions firm that had thrived on growing the e-communications market in the country since the boom, Rediff, now devotes a lot of resources to understanding existing and emerging vulnerabilities in the ever-evolving email communications sector, and how organizations and ordinary users can overcome those threats.
CybersecAsia arranged a conversation with the firm’s senior director of technology, Amol Mujumdar, to catch the latest developments on that front.
CybersecAsia: How has the email security scenario evolved globally and in India over the past 25 years?
Amol Mujumdar (AM): In the early days, email was mostly used to exchange personal messages between families across borders, or by students exchanging study material, or by research organizations. Early signs of spam mail were seen when marketers started sending unsolicited mails to users. In no time, spam traffic had outgrown regular email traffic.
In those days it was imperative for email service providers to safeguard users’ inboxes. Various methods were deployed to filter spam, which included heuristic filtering, header information processing, word obfuscation filtering, naive Bayes classifiers, decision tree classifiers, etc. The results were encouraging. We could filter out most of the unsolicited mails and keep inboxes clutter-free.
With the advent of virtually unlimited size mailboxes, miscreants came up with innovative techniques of exploiting the fair usage storage limits. From using these large-size mailboxes to store and share pirated material, to bulk sign-ups of email IDs for sending spam, we had to ensure that our mechanisms kept pace in dealing with such exploits.
Thanks to our heuristic approach, we could deploy a set of over 10,000 algorithms that were connected by a decision tree. Each algorithm was aimed at recognizing a behavior based on usage of the service and target countermeasures employed by miscreants.
As the usage of email grew beyond homes and universities, spammers evolved from sending marketing messages to click frauds to malware/ransomware and other methods of data breaches.
Now, our security technologies range from naive techniques to machine learning methods and advanced malware detection techniques that facilitate zero-day filtering like fingerprint analysis and comprehensive file analysis for emerging threats like polymorphic and metamorphic malware.
India has kept pace with global cyber threats all the while.
CybersecAsia: What are the specific email threats that global organizations are facing today?
AM: Though organizations have been prompt in enforcing iron-clad Bring Your Own Device (BYOD) policies, the recent Work-From-Home compulsions have kept the IT folks on their toes. From protecting endpoints (personal devices) used by employees at home to adopting email traffic monitoring solutions like MDM and DLP, organizations are leaving no stone unturned in their effort to protect their IT assets.
Cyberattacks have become increasingly targeted, stealthy and persistent these days. Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are the top threats that leave organizations at risk of a data breach and financial loss. Also common now are fraudulent emails such as fake account closure notices, fake emails from logistic operators claiming delivery notifications, fake giveaway promos, etc., which make users fall prey to cyber frauds.
Through our partnership with top global cybersecurity organizations, we have access to global threat information sharing networks. Augmenting our own threat intelligence and analyses with information from third parties, we have been reasonably successful in keeping cyber miscreants at bay.
CybersecAsia: Despite enhanced email security, phishing, spoofing, spamming, business email compromise (BEC), malware and wire transfer frauds are still rampant. Why and what is the solution to it?
AM: A chain is no stronger than its weakest link. Large enterprises, more likely than not, have an advantage in terms of planning resources. They have dedicated security teams which assess their security posture and understand the technical, process and people control that they need to put in place to mitigate the risks to their business. However, more than 80% of cyberattacks now are targeted at small businesses, which often do not pursue the same depth of analysis and planning, as they are likely to be more budget and resource constrained.
Email was not really designed with any privacy or security in mind. SMTP, which is responsible for moving email around the Internet, does not have any inherent spoof protection. Cybercriminals have found spoofing to be a proven way to exploit users’ trust in well-known brands. Social engineering has been a proven technique of BEC.
Untrained users cannot tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones may harm users.
CybersecAsia: How can email service providers ensure additional protection and security against such attacks?
AM: Mailbox providers need to invest in advanced techniques of detecting and filtering such attacks. By analyzing the past email transactions between users and extracting the behavioral patterns, correlation between display names and their respective email IDs can be established.
Naïve string comparison techniques may not always work, and one may need to use some sophisticated fingerprinting techniques. Lookalike domains are deceptive, because they are visually confusing. Cybercriminals exploit this ability of our brain to comprehend text despite spelling errors and misplaced characters. Since this is about vision, the domain name’s text can be used to generate images and then use image comparison algorithms to compare those images.
While there are technical standards like Domain-based Message Authentication, Reporting, and Conformance (DMARC) to improve email security, DMARC has not found widespread acceptance. If adopted widely by all email service providers, DMARC will make it easier for email senders and receivers to determine whether a given message is legitimately from the sender, and what to do if it is not.
A limitation with DMARC is that it deals only with email IDs. Most email clients show only the display name of the sender and not the full address. Phishers generally trick their targets by spoofing the display name. They send emails to the targeted employees, which seem to come from a colleague or business associate. The first few interactions typically do not contain any link or attachments, hence are difficult to detect with anti-spam and anti-virus filters.
After a few interactions, the phisher either sends a link to the targeted employee that can infect his machine or drives the target to transfer money to his account, claiming an extraordinary situation and urgency. Another proven technique is using lookalike domains, where cybercriminals register and use domains to send emails that are remarkably similar to the ones that they are targeting.
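An added example (not Rediff’s code) of the two checks described in this answer: a display-name-to-address profile built from past mail, and a lookalike-domain check. The image comparison mentioned above is replaced here by a simpler homoglyph-folding stand-in (an assumption of this example), and all contacts and messages are constructed.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed history of legitimate past mail: (display name, address).
HISTORY = [
    ("Priya Sharma", "priya.sharma@examplecorp.com"),
    ("Priya Sharma", "priya.sharma@examplecorp.com"),
    ("Finance Team", "finance@examplecorp.com"),
]
KNOWN_DOMAINS = {"examplecorp.com"}

# Characters that look alike on screen are folded to one canonical form so
# that "examplec0rp" and "exarnplecorp" compare as close to "examplecorp".
# This is a stand-in for a visual (image-based) comparison, not a full
# confusables table.
SINGLE = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})
MULTI = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(domain):
    """Fold visually confusable characters in a domain name."""
    d = domain.lower().translate(SINGLE)
    for pair, repl in MULTI:
        d = d.replace(pair, repl)
    return d


def build_profile(history):
    """Map each display name seen in past mail to the addresses it used."""
    profile = defaultdict(set)
    for name, addr in history:
        profile[name.strip().lower()].add(addr.lower())
    return profile


def lookalike_score(domain, known_domain):
    return SequenceMatcher(None, skeleton(domain), skeleton(known_domain)).ratio()


def assess(display_name, address, profile, known_domains, threshold=0.85):
    """Return a list of findings for one inbound message (empty = nothing odd)."""
    findings = []
    name, addr = display_name.strip().lower(), address.lower()
    domain = addr.rsplit("@", 1)[-1]
    if name in profile and addr not in profile[name]:
        findings.append("display name matches a known contact but address differs")
    if known_domains and domain not in known_domains:
        best = max(known_domains, key=lambda k: lookalike_score(domain, k))
        if lookalike_score(domain, best) >= threshold:
            findings.append(f"sender domain {domain} looks like {best}")
    return findings
```

Messages that trip the display-name check carry no link or attachment yet, so this kind of correlation is what catches them before the content filters have anything to inspect.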
CybersecAsia: When it comes to such attacks, how vulnerable are Indian email users as compared to their Western and regional counterparts?
AM: Though most users and organizations in India are responsible enough to safeguard their IT assets, there are many out there who are exposed to cyber fraud, primarily due to unsecured devices. Use of pirated and outdated software adds to the threat.
Responsible organizations should consider their staff as their assets and invest in training them in dealing with cybercrime. Such practices are common in the West and should be accepted with open arms by Indian companies. Open/public Wi-Fi hotspots are on the rise in India. Users are often tricked into connecting to such unsecured free hotspots. Once a victim is connected, cybercriminals can snoop and steal confidential data being sent and received through emails.
CybersecAsia thanks Amol for his insights.