One Friday afternoon in May, Barracuda engineer and research scientist Luis Chapetti received what he would soon discover was a phishing scam message impersonating an official secure email from Bank of America Merrill Lynch.
Chapetti also found that the email’s .pdf attachment contained a malicious link leading to a site that downloads a SecureMessage.zip file containing Spyware/Win32.Zbot, a trojan that steals personal information such as login credentials entered through a browser.
Bank of America Merrill Lynch customers are not alone. It is common for any bank customer today to receive the occasional security notice of such phishing attacks.
The recently released APWG Phishing Trends Report Q1 2014 reported a 10.7% jump in the number of phishing sites over Q4 2013 with payment services and finance continuing to be the most-targeted industry sectors. The number of phishing attacks observed in Q1 2014 was 125,215 – the highest Q1 detection since the 164,032 seen in Q1 2012.
“The number and diversity of phishing targets are increasing,” says Greg Aaron, president of Illumintel and senior research fellow at APWG, which was founded in 2003 as the Anti-Phishing Working Group, a coalition of more than 2,000 institutions worldwide. “Almost any enterprise that takes in personal data via the web is a potential target.”
Hence, growth-focused organizations need a strategy that ensures the security and availability of users’ data, especially for internet or cloud-based IT services and hybrid solutions.
4 key factors
While the internet paves the way for businesses to reach new markets and expand their customer bases, companies must first bolster their data centers with physical security control; data protection; business and data continuity; and data privacy and confidentiality.
Physical security control: Access should be granted only on a need-to-access basis, with controls such as two-factor authentication (for example a pass code combined with a biometric scan) and security checks at critical locations in the data center.
Data protection: Industry-standard encryption technologies prevent unauthorized access to data in transit to and from data centers. These include Secure Sockets Layer (SSL) and its successor TLS to secure email transfers, and HTTPS (HTTP over SSL/TLS) to secure web communication and verify web servers’ identities.
Digital certificates and keys: Industry certificate authorities issue the publicly accessible certificates used by web and email servers. The US National Institute of Standards and Technology (NIST) recommends that these certificates use 2,048-bit keys, a size it considers secure against brute force attacks until the year 2031.
Data-at-rest protection: Emails marked for encryption should be protected with the Advanced Encryption Standard using a 256-bit key (AES-256). Security is further strengthened by storing data encryption keys separately from the encrypted data and by encrypting emails with a separate key for each recipient.
Business and data continuity: Growth-focused enterprises ensure that customers’ data remains accessible through operational issues, disasters and surges in demand. For example, if a server fails, services automatically fail over to redundant servers; if a disk fails, data remains accessible through standard RAID technologies.
Data privacy and confidentiality: In a multi-tenant cloud environment, each customer’s, department’s or business unit’s databases, files, web and mail access, and encryption keys should be isolated logically and physically from others’ data. Strong encryption of data stored in service facilities is a must.
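The two design rules above, keys stored apart from the ciphertext and a separate key per recipient (or per tenant), are easier to reason about in code. The following Go program is an added example written for this article; it is not Barracuda code and does not describe how any Barracuda product stores mail. It assumes a hypothetical in-memory KeyStore standing in for a KMS or HSM, and uses AES-256-GCM from Go's standard library. The recipient label is passed as associated data, so a message relabelled to another tenant, or one whose recipient key has been revoked, no longer decrypts even though the stored ciphertext is untouched.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyStore holds one 256-bit AES key per recipient, kept apart from the
// ciphertext store. Here it is an in-memory map (a hypothetical stand-in
// for a KMS or HSM); the archive itself never sees these keys.
type KeyStore struct {
	keys map[string][]byte
}

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// KeyFor returns the recipient's key, generating a fresh random one on first use.
func (ks *KeyStore) KeyFor(recipient string) ([]byte, error) {
	if k, ok := ks.keys[recipient]; ok {
		return k, nil
	}
	k := make([]byte, 32) // 32 bytes = 256-bit key, i.e. AES-256
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	ks.keys[recipient] = k
	return k, nil
}

// Revoke deletes a recipient's key. Their archived mail stays in the store
// but can no longer be decrypted, without touching the ciphertext at all.
func (ks *KeyStore) Revoke(recipient string) { delete(ks.keys, recipient) }

// EncryptedMail is what the archive stores: a recipient label, a nonce and
// the AES-GCM ciphertext. It carries no key material.
type EncryptedMail struct {
	Recipient  string
	Nonce      []byte
	Ciphertext []byte
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a message under the recipient's own key. The recipient label
// is passed as associated data, binding the ciphertext to that label.
func Seal(ks *KeyStore, recipient string, plaintext []byte) (EncryptedMail, error) {
	key, err := ks.KeyFor(recipient)
	if err != nil {
		return EncryptedMail{}, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return EncryptedMail{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit nonce, fresh per message
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedMail{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(recipient))
	return EncryptedMail{Recipient: recipient, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts a stored message. It looks the key up directly (never
// creating one), so an unknown or revoked recipient, or a relabelled
// message, fails to decrypt.
func Open(ks *KeyStore, m EncryptedMail) ([]byte, error) {
	key, ok := ks.keys[m.Recipient]
	if !ok {
		return nil, errors.New("no key for recipient: unknown or revoked")
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, []byte(m.Recipient))
}

func main() {
	ks := NewKeyStore()
	// Constructed sample message for a constructed recipient address.
	m, err := Seal(ks, "alice@example.com", []byte("constructed sample: Q1 statement attached"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(ks, m)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
	ks.Revoke("alice@example.com")
	_, err = Open(ks, m)
	fmt.Printf("after revoke: err=%v\n", err)
}
```

Because the archive holds only ciphertext, nonces and labels, a compromise of the storage tier alone yields nothing readable, and offboarding a recipient or tenant is a single key deletion rather than a sweep through the mail store.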
These considerations are especially crucial for organizations in Singapore where the Personal Data Protection Act (PDPA) came into force early this month after an 18-month transition period.
Cases for data security and compliance
Comprehensive data security can also serve growing compliance requirements through integration with archiving or backup solutions, whether deployed as an appliance, a virtual appliance or a cloud service.
To support his company’s growth, Payman Moussavi, IT manager at US-based specialist demolition company Ferma Corporation, has relied on cloud-connected security and storage solutions provider Barracuda Networks for email security, email archiving, and content filtering.
Since deploying the Barracuda Web Filter, the company has minimized end-users’ exposure to malicious content while increasing their productivity from about 40% to 90%. The Barracuda Spam and Virus Firewall, which replaced a third-party service costing USD1,000 per month in per-user license fees, has also blocked millions of bad emails, reducing wasted bandwidth and the risk of data loss.
As Ferma is heavily regulated across the industries it serves, it has to retain emails for up to seven years in some cases. “One of the big pluses with the Barracuda Message Archiver is that we were able to journal and keep emails off our Exchange server and free up resources,” says Moussavi. “And when an employee leaves the company, we can actually reimage the computer and send it to somebody else.”
This is possible because Barracuda Message Archiver’s policy engine allows granular management of archiving actions and permissions.
At Citizens & Farmers (C&F) Financial Corporation, network administrator Vinson Berry and his team deployed three Barracuda Web Filters to block spyware at the gateway and desktop; protect against viruses, compromised websites and social engineering; and control Web access. Barracuda Central, an advanced security operations center, feeds continuous Energize Updates on the latest internet threats.
In addition to bandwidth savings of USD12,000 per year through effective blocking rules for video streaming, the Barracuda Web Filter also gave Berry’s team granular control over what social networking sites employees could visit at work.
For example, they can scan and inspect SSL-encrypted traffic for social media categories and domains to apply granular policies, such as archiving social media posts and protecting against social media malware.
With Barracuda Web Filter 8.0, web application monitoring features have been expanded to monitor traffic for credit card and social security number patterns, privacy terms, and HIPAA compliance terms. Alerts are tagged with the network user identities so that the source can be identified.
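Pattern monitoring of this kind is only useful if it is tagged with the sending user and does not drown administrators in false alerts. The Go program below is an added example written for this article, not Barracuda code, and makes no claim about how Web Filter 8.0 implements its detection. It assumes a hypothetical Scan function that receives an already-decrypted outbound message body together with the user identity the proxy attributed to the connection; the sample body is constructed, and 4111 1111 1111 1111 is a well-known test card number. Card candidates are confirmed with a Luhn checksum and SSN candidates against the never-issued ranges, and each alert carries only a masked tail of the value so the alert log does not re-leak the data.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one alert: which network user sent the data, what kind of
// pattern matched, and a masked rendering that is safe to log.
type Finding struct {
	User  string
	Kind  string
	Match string
}

var (
	// Candidate card numbers: 13 to 19 digits, optionally separated by
	// single spaces or dashes. Confirmed afterwards with a Luhn check.
	cardCandidate = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)
	// US Social Security Number shape AAA-GG-SSSS. Range checks are done
	// in code because Go's RE2 engine has no lookahead.
	ssnShape = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
)

// luhnValid reports whether a digit string passes the Luhn checksum, which
// filters out most random digit runs such as order or phone numbers.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(digits) > 0 && sum%10 == 0
}

// ssnValid rejects areas 000, 666 and 900-999, group 00 and serial 0000,
// none of which are ever issued.
func ssnValid(s string) bool {
	area, group, serial := s[0:3], s[4:6], s[7:11]
	if area == "000" || area == "666" || area[0] == '9' {
		return false
	}
	return group != "00" && serial != "0000"
}

// maskTail keeps only the last four characters so alerts never re-leak the data.
func maskTail(s string) string {
	return strings.Repeat("*", len(s)-4) + s[len(s)-4:]
}

// Scan inspects one outbound message body and returns findings tagged with
// the user identity the proxy attributed the connection to.
func Scan(user, body string) []Finding {
	var out []Finding
	strip := strings.NewReplacer(" ", "", "-", "")
	for _, m := range cardCandidate.FindAllString(body, -1) {
		digits := strip.Replace(m)
		if len(digits) >= 13 && len(digits) <= 19 && luhnValid(digits) {
			out = append(out, Finding{User: user, Kind: "credit_card", Match: maskTail(digits)})
		}
	}
	for _, m := range ssnShape.FindAllString(body, -1) {
		if ssnValid(m) {
			out = append(out, Finding{User: user, Kind: "ssn", Match: "***-**-" + m[7:]})
		}
	}
	return out
}

func main() {
	// Constructed sample body: one real-shaped card (test number), one
	// plausible SSN, one order number that fails Luhn, one impossible SSN.
	body := "Please charge 4111 1111 1111 1111; my SSN is 123-45-6789. Order 1234 5678 9012 3456, badge 000-12-3456."
	for _, f := range Scan("jdoe", body) {
		fmt.Printf("ALERT user=%s kind=%s value=%s\n", f.User, f.Kind, f.Match)
	}
}
```

Run as written, the program raises exactly two alerts for user jdoe (the card and the SSN); the order number and the 000-area SSN are discarded before they reach the alert log. The same checksum and range checks are what keep a bare regex from flagging every 16-digit order reference an employee pastes into a web form.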
To manage its inbound and outbound email traffic and protect its email servers from dangerous phishing attacks and offensive content, Berry installed the Barracuda Spam Firewall.
“The last time I checked, we had blocked 55,000 emails and another 7,000 rate-controlled emails over the course of one day,” he says. “Out of over 66,000 emails, only 4,300 were legitimate, meaning that Barracuda Spam Firewall blocked 93% of our incoming email – all of it spam.”
Significantly, Barracuda Networks was named a leader in the IDC Marketscape: Worldwide Messaging Security Appliance/Software 2013-2014 Vendor Assessment for having “strong competency in running an efficient and cost-effective security hardware appliance business”. The report also noted Barracuda Spam Firewall’s integration with cloud and on-premise archiving and backup solutions as a key feature.
IDC also ranked Barracuda number one in content security appliance unit shipments with 10.3% market share in its Worldwide Quarterly Security Appliance Tracker, Q3, December 2013 report. Barracuda’s Spam Firewall, Web Filter and other content security solutions are available in appliance and virtual appliance options.
These solutions are clearly designed for organizations that are expanding their portfolio of services and want to assure customers of protection from advanced malware and phishing scam messages like the one discovered by Chapetti in May.