Email security: Encompassing reliable malware detection and efficient IT forensics

As business processes board the digital bandwagon, the number of emails sent from the office is on the rise, in turn leading to an increase in the volume of harmful malware in circulation. According to Kaspersky, the average costs incurred per company as a result of such cyber attacks amount to an astounding US$551,000. This is especially pronounced in South East Asia, which is achieving among the world’s fastest rates of progress in digitalization and corporate internet usage. In fact, the Singapore Government’s recently announced Budget 2017 places a high priority on promoting digitalization.

Increasing sophistication and number of cyber attacks through emails
Today’s cyber attackers are getting ever more sophisticated and the number of attacks is on the rise. Trend Micro reported that more than 90 percent of targeted attacks begin with a spear phishing email. For example, the recent DNSMessenger attack started with a malicious Microsoft Word document masquerading as a protected document, which was distributed by means of an email. As soon as recipients enabled the content, a malicious script embedded in the document was executed.

Retarus also observed that the average number of viruses unearthed per month in 2016 amounted to 3.5 times the number of viruses monitored over the whole of 2015, meaning that the number of viruses rose by a factor of 42 in a year-on-year comparison. AV-Test Institute moreover registered over 390,000 new instances of malicious software every day, meaning an average of 270 new computer viruses per minute.

No foolproof protection
This is why the implementation of powerful technological solutions for virus protection, for intelligent filtering of spam and phishing, and for blocking threatening attachments is more important than ever to safeguard companies’ assets and data, while also preventing financial and reputational damage.

That said, a single technology cannot ensure 100 percent protection against all virus attacks and there will always be a small amount of malware that finds a way to sneak into the system. It is no longer enough to invest in high-performance protection and phishing prevention to avert future attacks. While these cyber security systems are still learning about new malware and other threats to get prepared for them, new viruses could already have entered the infrastructure and caused great harm.

Malware detection and IT forensics
To prevent damage to company assets and the theft of sensitive data, it is crucial that SMEs, MNEs and governmental entities implement multi-level virus protection in combination with malware detection and IT forensics solutions. Innovative detection technologies are able to identify infected emails that have already been delivered and gained access to the system.

Digital fingerprinting is one such method of efficiently and thoroughly tracking harmful emails. A hash is generated for each email attachment as it is received by an employee and then stored in a database. When a virus scanner identifies malware of the same type, the fingerprint is compared with the ones in the database. If a match is found, the infected mail is deleted immediately and an alert can be sent to administrators and all previous recipients of the mail.

This means that measures can be started immediately to prevent the virus from spreading throughout the company’s network and the resulting damage can be minimized. Following such attacks, IT forensics is most important. Detection and response services can also help forensic investigations by providing detailed reports with concrete points of reference about the kind and time of the attack, which recipients and parts of the system were affected and which users’ messages should be searched for viruses.
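The fingerprinting workflow described above, sketched as an added example (not code from Retarus or from the original article): attachments are hashed at delivery, and a hash flagged later by a scanner is matched against the stored deliveries to produce the list of mails to delete and recipients to alert. The use of SHA-256, the names `DeliveryIndex` and `incident_report`, and all sample addresses and timestamps are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict


def fingerprint(attachment: bytes) -> str:
    """SHA-256 of the raw attachment bytes (hash choice is an assumption)."""
    return hashlib.sha256(attachment).hexdigest()


class DeliveryIndex:
    """Fingerprint -> deliveries, filled in as mail is handed to recipients."""

    def __init__(self):
        self._by_hash = defaultdict(list)

    def record(self, message_id, recipient, delivered_at, attachment):
        digest = fingerprint(attachment)
        self._by_hash[digest].append(
            {"message_id": message_id, "recipient": recipient, "delivered_at": delivered_at}
        )
        return digest

    def retro_match(self, flagged_hash):
        """Deliveries whose attachment matches a hash a scanner flagged later."""
        return list(self._by_hash.get(flagged_hash.strip().lower(), []))


def incident_report(index, flagged_hash):
    """Summarise what to delete and whom to alert for one flagged fingerprint."""
    hits = sorted(index.retro_match(flagged_hash), key=lambda h: h["delivered_at"])
    return {
        "fingerprint": flagged_hash.strip().lower(),
        "first_seen": hits[0]["delivered_at"] if hits else None,
        "delete_message_ids": sorted({h["message_id"] for h in hits}),
        "alert_recipients": sorted({h["recipient"] for h in hits}),
    }


# Constructed sample data: two deliveries of one attachment, one of a one-byte variant.
SAMPLE = b"constructed sample attachment bytes"
VARIANT = SAMPLE + b"!"
index = DeliveryIndex()
index.record("<m1@example.test>", "alice@example.test", "2017-03-01T09:02:00Z", SAMPLE)
index.record("<m2@example.test>", "bob@example.test", "2017-03-01T08:47:00Z", SAMPLE)
index.record("<m3@example.test>", "carol@example.test", "2017-03-01T09:15:00Z", VARIANT)

# A scanner update later flags SAMPLE; only exact-byte copies match,
# so carol's variant is not found and needs other detection.
report = incident_report(index, fingerprint(SAMPLE).upper())
```

Because a cryptographic hash changes completely when a single byte changes, exact fingerprint matching finds identical copies only; repacked or altered variants still depend on the scanner itself.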

This helps to prevent future attacks, as these reports are able to answer four key questions of IT forensics: what happened, where it happened, how it happened and whether it is still happening. Clarifying these questions allows companies to react quickly and to build up new solutions against further attacks, as the information gained can be used to optimize the settings of the virus protection system as well as to sensitize employees about existing threats.

Oliver Prevrhal, Managing Director for Retarus Asia