For Companies Worried About the Inside Threat, There’s Also Danger in the Distance

There’s been so much attention paid to employees’ susceptibility to phishing attacks and vulnerabilities on the inside that some companies may be missing a key threat vector.

There’s also danger outside the perimeter. Hackers continue to innovate. And now some threats never touch you. They use your company’s own brand to attract victims. They do this by impersonating your company or your people. They may spoof your domain.

And the entities victimized are not limited to businesses. The attackers have also impersonated government agencies. Tens of thousands of domains have been registered in recent weeks, as attackers have been trying to exploit the Covid-19 pandemic by impersonating government organizations and preying on unsuspecting individuals.

These were some of the dangers highlighted during a recent briefing delivered for a team of TAG Cyber analysts by Dan Sloshberg, who heads Mimecast’s product marketing for security products.

Founded in 2003 and headquartered in London, Mimecast specializes in cloud-based email security. It went public in 2015 and now has 37,000 customers and more than 1500 employees. In addition to the United Kingdom, its dozen offices are located in the United States, Germany, the Netherlands, South Africa, the United Arab Emirates, Australia and Israel.

In the company’s State of Email Security Report 2019, Mimecast said that 85 percent of the companies it surveyed reported that they had been hit with an impersonation attack during the previous 12 months, and two-thirds saw these attacks increase. Fully 88 percent saw email-based spoofing of business partners and vendors.

Cyber criminals can easily send email made to look like it has legitimately come from your domain. They can also quickly and inexpensively construct and register a domain and a log-in page that looks like your company’s, Sloshberg said. From there they can send out email that looks like it came from you and also use social media, fake ads and SMS-based phishing to drive people to it. And you may know nothing about it.

To defeat these kinds of innovations, companies need to marshal innovations of their own. Mimecast’s DMARC Analyzer is an example of a product designed to defend against direct domain spoofing. Acquired by Mimecast in November, it helps companies detect and block unauthorized uses of their own domains, Sloshberg said. DMARC (the name is an acronym for domain-based message authentication, reporting and conformance) is particularly adept at helping companies defeat email sent fraudulently from their domains to trick those who trust their brand. It gives them the ability to see who is sending email on their behalf, and ultimately to block all email not coming from a valid source.

More recently, Sloshberg continued, the company acquired another product that works in concert with DMARC. In January Mimecast bought Segasec to defend against fake websites and domains that, if not checked, harvest the credentials of customers, partners and vendors in its supply chain. Brand Exploit Protect, as it is now known, hunts for sites impersonating your brand online and can swiftly take down fakes. It’s designed to find attacks at the earliest possible stage. It can even anticipate and thwart fraudulent sites before they’re fully established, Sloshberg said.

Brand Exploit Protect uses machine learning to identify potentially fraudulent, lookalike domains. An attacker may go to your website and copy code in order to publish it elsewhere, or to recreate a lookalike login page. The service can detect either of these unauthorized intrusions and report them, Sloshberg said. With the help of managed SOC analysts (included with the service), the client can sometimes block the effort before the attack is launched. Integration with Mimecast’s email and web security services allows you to block any potentially malicious domains and URLs targeting your own employees with the click of a button.

More often Mimecast’s brand monitoring detects a fraudulent domain after it’s created and moves to take it down. Takedowns are usually accomplished quickly and easily, Sloshberg said. Mimecast’s close relationship with ISPs and hosting organizations facilitates the process.

Mimecast’s presentation made it sound as though there are effective tools available to counter these threats. But the key factor for companies in this case is where they focus their attention. Those that obsess over threats inside the perimeter may be oblivious to the dangers in the distance.