E-mail .. The most common way to attack companies and individuals
In 1971, American programming expert Rey Tomlinson sent what is said to be the first e-mail message in history, and in 1982 e-mail was launched as a messaging system on a general commercial level; in the 37 years following its widespread use, hundreds of new
In 1971, American programming expert Rey Tomlinson sent what is said to be the first e-mail message in history, and in 1982 e-mail was launched as a general commercial messaging system.
In the 37 years since its widespread use, and the emergence of hundreds of protection and security systems in various fields, the status of e-mail as the largest possible source of attacks, and the most complex and largest cybercrime has not changed, 91% of cybercrime and attacks continue to occur through e-mail.
Information security experts acknowledge that this is the most unresolved security issue since 1982.
This is in a report published by the company «Fire Eye» specialized in information security on its website fireeye.com, which confirmed that e-mail is still one of the most common ways for hackers to attack companies and individuals.
The report revealed that out of 101 e-mails containing malware, 91% of cybercrime starts with an e-mail message, and you only need to trick one person into attacking an entire organization. The report pointed out that only 10% of e-mail attacks contain malicious software is ransomware and advertising software, Trojan viruses, and spyware, because with the security solutions based on the detection of malware only contained with e-mail, the attackers tended to adopt methods of attacks Free of malware.
The report pointed out that the growth rate of attacks based on phishing emails and phishing reached 65% in 2018, and the losses resulting in the institutions where the penetration of executives amounted to 12.5 billion dollars, while the growth rate in ransom attacks emanating from e-mail 46%, The cost of these crimes amounted to five billion dollars.
It was found that 32% of these attacks were repulsed by simply cleaning e-mail, 10% through anti-attack software, and 58% by smart security software.
Ken Bajnal, Fire Mail's vice president of email security, addressed the issue of the widespread use of e-mail, explaining that e-mail is still the main route between any two entities that have no connection.
"We are people who make mistakes, even those who are careful. They can click on malicious attachments in a deceptive email," he said. "Education and awareness will not eliminate this phenomenon, because it is human errors that will always happen."
Attempts to resolve
Some attempts are being made to find solutions to this issue, including a project in which many parties around the world are working together to reach a new protocol called DEMARK or Domain-based Messaging Authentication Protocol, a protocol for verifying, authenticating, and identifying mail messages. However, this protocol has not been widely used, as it is difficult to implement and implement, as initial experience has shown that it effectively prohibits all incoming messages, if it is not properly prepared. correct .
Another project that the National Agency for Internet Security in Britain is trying to implement is based on the notion of "reputation", or analyzing the sender's data and message, and giving him a reputation and trustworthiness, before presenting his messages to the recipient, thereby reducing the risk of phishing attacks.
Dangerous personal mail
The report considered that the use of personal mail by employees and employees of different institutions and organizations, rather than secure mail to their employees, is an important factor that plays a role in the continued spread of this issue.Usually, employees do not secure their own mailboxes, in the same way that institutions and companies do with Secure internal electronic mail systems.
Matthew Gardiner, product manager at Memcast Security, said it was a security risk and said the lesson to be learned from recurring incidents was that the company or organization must have good security defenses on its business email and then commit to using it. Without the employee's email box.