Report: Business Email Compromise (BEC) Now A $12.5 Billion Scam

/0 Comments/in /by

Email continues to be the top vector used by cybercriminals, and business email compromise (BEC) is gaining traction as one of the preferred types of email attacks.

BEC attacks do not contain any malware and can easily bypass traditional email security solutions. For cybercriminals, there is no need to invest in highly sophisticated and evasive malware. Instead, they engage in extensive social engineering activities to gain information on their potential targets and craft personalized messages.

What makes these attacks dangerous is that the email usernames and passwords of corporate executives are easily available to cybercriminals on the dark web, presumably due to data breaches of third-party websites or applications.

“Through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations,” says Gartner in their recent report, Fighting Phishing – 2020 Foresight 2020.

What is Business Email Compromise?

BEC attacks spoof trusted domains, imitate brands and/or mimic corporate identities. In many cases, the emails appear from a legitimate or trusted sender, or from the company CEO typically asking for wire transfers.

According to the FBI, BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. This is a very real and growing issue. The FBI has put up a public service announcement saying that BEC is a $12.5 billion scam.

Types of BEC or Email Fraud

Email has been around since the 1960s and the current internet standard for email communication —  Simple Mail Transfer Protocol (SMTP) — was not designed to authenticate senders and verify the integrity of received messages. Therefore, it’s easy to fake or “spoof” the source of an email. This weak sender identification will continue to present opportunities for creative attacks.

For example, here is a screenshot of a recent spoofing email that I encountered. The messaging seemingly originated from my colleague. The displayed sender’s name invokes an immediate recognition for the recipient. But a closer examination of the sender’s domain reveals the suspicious nature of the email.

Now, let’s look at the different types of spoofing techniques a threat actor might use to initiate an attack:

Display Name Spoofing
This is the most common form of BEC attack. In this case, a cybercriminal tries to impersonate a legitimate employee, typically an executive, in order to trick the recipient into taking an action. The domain used could be from a free email service such as Gmail.

Domain Name Spoofing
This includes either spoofing the sender’s “Mail From” to match that of the recipient’s domain in the message envelope, or using a legitimate domain in the “Mail From” value but using a fraudulent “Reply-To” domain in the message header.

Cousin Domain or Lookalike Domain Spoofing
This type of attack relies on creating visual confusion for the recipient. This typically involves using sister domains such as “.ORG” or “.NET” instead of “.COM,” or swapping out characters, such as the numeral “0” for the letter “O,” an uppercase “I” for a lowercase “L.” This is also sometimes referred to as typosquatting.

Compromised Email Account or Account Take Over (ATO)
This is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds or data theft.

Best Practices for Stopping BEC Attacks

Concerned your organization could fall prey to business email compromise? Here are some email security best practices that you can implement to protect against sophisticated BEC attacks.

  1. Block fraudulent emails by deploying Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-Based Message Authentication, Reporting and Conformance (DMARC) capabilities.
  2. Enable multi-factor authentication and require regular password changes to stop attacks from compromised accounts.
  3. Establish approval processes for wire transfers.
  4. Deliver periodic user-awareness training for a people-centric approach to combat email attacks.

How to Stop Email Spoofing

Whether it’s CEO fraud, forged emails, business email compromise (BEC), impostor emails or impersonation attacks, all email spoofing attacks present a dangerous risk to organizations. Review the solution brief to gain four key best practices to help mitigate the email spoofing attacks that impact your business.

GET THE BRIEF

Report: Low Confidence in Stopping Business Email Compromise (BEC), CEO Fraud

/in /by

Email is the primary tool for business communications and it’s used across the globe by organizations of all sizes. So, it’s no surprise that email is also today’s No. 1 threat vector for cyberattacks.

The cyber threat landscape has evolved to a great extent. Today, email attacks are highly targeted and cybercriminals engage in extensive social engineering activities to learn information about their targets in order to craft personalized emails.

Such targeted and sophisticated phishing attacks have a higher success rate than mass campaigns. Users implicitly trust a familiar name or email with personal information. These email may contain malicious attachments, weaponized URLs to deliver malicious payloads, phishing websites with fake login pages to steal login credentials, or malware-less email that seeks confidential information or a wire transfer.

With the changing threat landscape, coupled with the lack of human and financial resources to keep pace, organizations find themselves as susceptible targets for email-based attacks, such as spear-phishing and CEO fraud/business email compromise (BEC).

To that end, SonicWall recently worked with the Osterman Research and surveyed organizations to understand:

  • What are the top concerns for IT security decision-makers?
  • Why are cyberattacks succeeding?
  • How do you evaluate your current security posture?

Some of the key survey findings include:

  • Cyber threats are becoming more sophisticated as well-financed cybercriminal gangs develop improved variants of malware and social-engineering attacks. The perceived effectiveness of current security solutions is not improving – or is actually getting worse – for many organizations.
  • Most decision-makers have little confidence that their security infrastructure can adequately address infections on mobile devices, CEO fraud/BEC and preventing user’s personal devices from introducing malware into the corporate network.
  • To address the worsening threat landscape, security spending at mid-sized and large organizations will increase by an average of seven percent in 2018 compared to 2017.

The white paper also discusses the level of confidence that security professionals have in defending against these advanced threats. For example, 58 percent of those surveyed believe that their current solutions to eliminate malware before it reaches end users are either “very good” or “excellent,” and 55 percent believe that their ability to protect users from ransomware is this effective.

Unfortunately, things get worse from there: fewer than half of respondents believe their ability to block phishing attempts from end-users, eliminate account takeover attempts before they reach senior executives, and protect sensitive data is either “very good” or “excellent.”

Finally, some best practices that decision-makers must consider to protect against these advanced threats are:

  • Deploy a multi-layer approach for email security
  • View security holistically from cloud services to endpoint, with end-to-end monitoring
  • Train all users, including senior executives
  • Use adequate threat intelligence
  • Establish detailed and thorough policies

Get the In-Depth Osterman Report

Download the exclusive Osterman white paper, “Best Practices for Protection Against Phishing, Ransomware and Email Fraud,” compliments of SonicWall. The paper explores issues that security professionals face, how to evaluate your current security posture and best practices to consider implementing for sound email security.

DOWNLOAD THE PAPER

Phishing Threats – How to Identify and Avoid Targeted Email Attacks

/0 Comments/in /by

Phishing threats have been around for years. By now anyone can easily detect a fake email, right?

Wrong. How confident are you that you wouldn’t divulge your password, credit card info or online identity? Here is a quick refresher on phishing threats and what you can do to protect yourself.

What is Phishing?

As you may already know, phishing threats involve malicious emails that attempt to get you to disclose your personably identifiable information (PII) to compromise your personal identity or corporate data.

Hackers create emails that look like official communications from familiar companies. These are sent to millions of unsuspecting addresses in hopes that someone will follow the links and share sensitive information that the hackers can exploit. These phishing emails employ a variety of techniques.

How to Spot Phishing Attacks

The best way to protect yourself from phishing threats is to recognize and avoid these common phishing tactics:

  • Generic greetings: The opening lines of phishing emails are often very vague and general in nature.
  • Typos or Poor Grammar: A poorly written email is less likely to have come from a legitimate company. In addition, do not be tricked if the email happens to include a legitimate-looking logo.
  • Urgency: Phishing emails often sound alarmist, trying to scare you into taking action (and sharing your information) immediately.
  • Fake Links: Phishing emails routinely obscure the URL addresses, and instead take you to an unsecured site where your sensitive data is solicited. To see exactly where a link will take you, simply hover over it. If in doubt, don’t click it. Instead, open a new browser session and manually enter the address (i.e., don’t copy and paste) you want to visit.
  • Attachments: Delivered via email attachments, malware that is executed (i.e., the attachment is opened) allows a hacker to exploit vulnerabilities on your computer Never open an attachment unless you are sure it is legitimate, safe and expected. Be cautious with any unexpected invoices from companies you’re not familiar with, as attachments might contain malware that installs upon opening.
  • Spoofed Sender: Makes it easier for a hacker to impersonate someone you’d normally trust (e.g., coworker, bank, government agency)

Take the Phishing IQ Test

Interested in seeing how well you are at telling the difference between a legitimate website and one that is a phishing attempt? Take the SonicWall Phishing IQ Test to find out.

TAKE A PHISHING QUIZ

7 Email Security Best Practices for Office 365 in the Cloud

/0 Comments/in /by

Cloud applications are not quickly approaching — they’re here. As organizations strive to manage costs and resources, solutions that are affordable, scalable and functionally robust are most appealing. Cloud applications promise to deliver this and more. For these reasons, adoption is accelerating.

Microsoft is at the forefront of the cloud application wave. Their Office 365 service enables workplace collaboration with not only a core email application, but also many popular Microsoft Office apps.  However, Office 365’s potential for open exchange of information also makes it a prime target for hackers.

Migrating To Cloud Services While Ensuring Security

Well-informed organizations are keenly aware that modern emerging threats exploit email as the primary mechanism for delivering their payload, and thus are evaluating more leading-edge security solutions. Targeted, coordinated attacks, data leaks and email-borne threats (including ransomware, phishing and spam attacks) all threaten cloud-based email services, such as Office 365.

Although Office 365 does include some security measures, prudent organizations recognize the need to reinforce these elementary security controls. According to Gartner, “By 2018, 40% of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance, which is a major increase from less than 10% in 2015.”

Furthermore, leading industry analysts, including Gartner and IDC, recommend reinforcing Office 365 by integrating third-party email security solutions that, at a minimum, provide the following essential components:

  1. Advanced threat protection: Most anti-virus solutions are signature-based, and therefore ineffective against advanced threats such as ransomware. A sandbox environment is required to detect and prevent ransomware and zero-day attacks before they even reach your network.
  2. Known threat protection: For effective security against attacks leveraging known malware, we recommend using multiple virus detection engines to scan email messages and attachments for viruses, Trojans, worms and other types of malicious content.
  3. Phishing protection: Phishing campaigns have emerged as the method of choice for delivering ransomware. Proper mitigation requires an email security solution that incorporates advanced analysis of an email’s subject, body and attachment by leveraging a sandbox environment.
  4. Fraud protection: Hackers utilize advanced tactics such as spear phishing, whaling and CEO fraud to solicit for personally identifiable information (PII), or to carry out fraud by impersonating emails from within the organization. Granular configurations for email settings, including SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance). These can help prevent illegitimate messages from entering your organization.
  5. Spam protection: To ensure spam does not clog inboxes and network resources, your organization needs an email security solution that leverages multiple methods of detecting spam and other unwanted email, including using specific allowed and blocked lists of people, domains and mailing lists; and the ability to enable third-party blocked lists.
  6. Advanced Reputation Management (ARM): A collaboration of multiple, cross-verified SonicWall Capture Threat Network sources, including SonicWall Advanced Content Management (ACM), provides dynamic, up-to-date analysis of email component reputations.
  7. Data loss prevention: An organization’s most sensitive communications require the utmost protection. The best measure is to encrypt sensitive emails and attachments using a service that works in tandem with email security.

How Sonicwall Hosted Email Security For Office 365 Can Assist

SonicWall Hosted Email Security (HES) is a multi-layer defense service that integrates with SonicWall Capture Advance Threat Protection (ATP), delivering fine-grained and user-transparent inspection of SMTP-based traffic to block zero-day threats.

SonicWall HES also includes advanced compliance scanning, management and optional email encryption, to prevent confidential data leaks, regulatory violations and to ensure the secure exchange of sensitive data.

With SonicWall HES, no additional client software is necessary. In addition, the service includes DMARC, a powerful email authentication method that helps identify spoofed mail, reducing advanced phishing attacks.

SonicWall HES enhances Office 365 using a multi-layer defense approach for industry-leading protection against advanced threats delivered via email. It also delivers superior anti-phishing, anti-spoofing, anti-spam, multi-engine AV and data loss prevention (DLP) for comprehensive protection.

Embrace The Cloud

Don’t let threat actors, criminals and nefarious organizations ruin the benefits your organization receives from workplace collaboration. Once integrated into Microsoft Office 365, SonicWall HES provides unparalleled breach prevention capabilities that defend against advanced threats originating from emails.

To learn more about how SonicWall HES protects your organization and enhances Microsoft Office 365, read more via the Tech Brief: Click here.

Download Solutions Brief

Is Your Email Security GDPR Ready?

/0 Comments/in /by

On May 25th 2018, the European Union (EU) will introduce its General Data Protection Regulation (GDPR). The GDPR is a set of regulations meant to protect personal data of EU residents, and enforces data privacy rules on how organizations collect, store and use the information. Failure to comply with the EU GDPR regulation carries heavy penalties including fines of up to €20 Million or 4 percent of global turnover. This includes information exchanged over email. According to Infowatch global data leakage report, email is the second largest channel for data leaks.

Some key elements of the regulation include:

  • GDPR applies to all organizations that process the personal data of subjects residing in the EU, regardless of the organization’s location.
  • Breach notification will become mandatory, and must be done within 72 hours of first having become aware of the breach.
  • EU residents have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
  • The right to be forgotten entitles the residents to have the organization erase his/her personal data, and cease further dissemination of the data
  • Privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition.

Here are certain implications of GDPR on an organization’s emails and email security:

  • Personal data is classified as any information that includes personal email addresses, phone numbers etc. that are commonly used for marketing.
  • Organizations in regulated industries such as retail, finance and healthcare have to deal with added layers of complexity to comply with competing regulations
  • To implement appropriate technical measures to comply with “privacy by design,” organizations must include email encryption and compliance capabilities to their email security infrastructure.

To comply with GDPR, key capabilities to consider while evaluating your email security include:

  • A comprehensive multi-layered approach that provides strong inbound and outbound protection
  • Sandboxing and quarantining of any unknown email attachments to prevent breaches
  • Strong encryption and DLP for compliance and regulatory requirements

Download our tech brief to learn more about SonicWall Email Security’s compliance and encryption service, and how it can help you comply with the EU GDPR.

DOWNLOAD TECH BRIEF

Enemy at the Corporate Gate: Why Email Security is More Crucial Than Ever with Dell and SonicWall

/0 Comments/in /by

Note: This is guest blog post by Bryan Chester, Vice President of North America Partner Software and Imaging Sales at Dell.

Email has long been acknowledged as a business critical application. However, it can expose your organization to devastating sabotage by offering hackers an easily accessible vehicle to exploit vulnerabilities in your organization’s network security.

There are a multitude of repercussions if email-based threats such as ransomware, phishing, or viruses make it into your email servers and users’ inboxes.  Given today’s complex threats, it is crucial that organizations deploy a multi-layered security solution that includes dedicated, leading edge email protection.

Even with the knowledge of that threat, it is becoming increasingly difficult to accurately detect all of the bad emails without creating a bottleneck and dampening your employee productivity. This is especially true for emails containing attachments.

So what can you do to protect your environment at an email level while not slowing down your critical business processes? Dell and SonicWall can help you answer that question.

SonicWall Email Security leverages multiple patented SonicWall threat detection techniques and a unique worldwide attack identification and monitoring network. This next-generation SonicWall Email Security solution protects your organization from today’s most advanced email threats.

SonicWall Email Security includes the cloud-based Capture ATP (Advanced Threat Protection) service that can scan a broad range of email attachment types, analyze them in a multi-engine sandbox, and block dangerous files or emails before they reach your network. Email Security with Capture ATP gives you a highly effective and responsive defense against email threats, all at a low TCO.

SonicWall Email Security features include:

  • Advanced Threat Protection: Integrates Capture cloud-based sandboxing technology for detection of zero-day threats such as ransomware, for fine-grained inspection of SMTP traffic
  • Next-generation Email Protection: Incorporates anti-spam, anti-virus and anti-spoofing functionalities to not only detect and prevent spam and other unwanted email, but also scan email messages and attachments for ransomware, Trojan horses, worms and other types of malicious content.
  • Improved Office 365 Support: Enhances security for multi-tenant environments by providing a method for ensured, mapped delivery of emails for SonicWall Hosted Email Security environments
  • Updated Line of Appliances: Refreshes SonicWall’s line of Email Security Appliances (hardware and virtual options), helping customers to better face threats delivered by email.
  • Encryption Protection: Supports not only SMTP Authentication, but also the encryption service feature enables any email containing protected data to be automatically encrypted, routed for approval or archived.
  • Policy and Compliance Management: Enables an administrator to enact policies that filter messages and their contents as they enter or exit the organization. This allows organizations to meet regulatory requirements based on government legislation, industry standards or corporate governance activities.
  • To learn more download the SonicWall Email Security 9.0 data sheet or view a live demo of the SonicWall Email Security Solution to see all of the latest enhancements.

Reach out to your Dell and SonicWall contacts today to learn more about how SonicWall Email Security can protect your organization by scanning all inbound and outbound email content and attachments for sensitive data, all while delivering real-time protection from spam, phishing, viruses, malicious URLs, spoofing, Denial of Service (DoS), and a myriad of other unknown and sometimes unimaginable attacks.

Securing Email in the Age of Ransomware and Phishing Attacks

/0 Comments/in /by

Email security has become a big concern for organizations, thanks to phishing campaigns that deliver ransomware. Recently, there has been no shortage of notable cyber attacks. The Google Docs attack, Docusign phishing attackGannet phishing attack, and Jaff ransomware and its variants were all delivered through phishing emails.  Most recently, the WannaCry ransomware attack was spread through an SMB vulnerability.

According to a survey by the SANS institute, spear-phishing and whaling attacks are increasing dramatically. Spear phishing was identified as the second most significant type of attack (ransomware takes the honors for the top spot).  In the case of spear phishing attacks, cyber criminals are carrying out extensive social engineering activities to gather personal information and craft messages that appear from trusted sources to gain the victim’s confidence.

It is becoming increasingly difficult to accurately detect all bad emails, especially those containing attachments, without slowing down email to such an extent that it impacts employee productivity. In many cases, critical business communications need to be delivered promptly, without any delay or being lost in junk or spam folders. In addition, traditional signature-based technologies are proving to be ineffective in stopping phishing emails that contain malicious payloads such as zero-day/unknown malware and ransomware.

In today’s landscape, an effective email security solution should:

  • Align with and complement your network security solutions
  • Integrate with network sandboxing to scan all you SMTP traffic and email attachments
  • Provide granular administrative control over settings and must be able to set policies such as “Tag a subject line” or “Strip email attachment” in cases where communication is of the utmost importance
  • Feature anti-spoofing authentication mechanisms such as DKIM, SPF and DMARC, to protect against impostor emails
  • Offer encryption and data leakage prevention (DLP) capabilities for outbound protection

Email is the top attack vector, and most cyber attacks typically start with a phishing or spear phishing attack. Almost every organization has deployed some sort of email security solution. However, the threat landscape is constantly evolving and today’s advanced threats are designed to bypass traditional security techniques. Now is the right time to evaluate the currently deployed solution and analyze gaps in your security posture. To reduce risk exposure, email security must use a multi-layered approach. Read our solution brief to learn about the critical capabilities of next-generation email security here.

DOWNLOAD TECH BRIEF

SonicWall Protects Customers from the Latest Phishing Attacks

/0 Comments/in /by

Ransomware attacks have been in the headlines a lot of late. Did you know that 65% of all ransomware attacks happen through phishing emails? Therefore, email security needs to be a major focus when delivering security awareness training. It is likely that future variants of the recent WannaCry ransomware attack will be delivered via phishing emails.

As reported earlier this month, some Gmail users fell victim to a massive phishing attack that frightened many… a phishing attack that targets all your contacts. Now let us look at how gmail users were susceptible to the phishing attack.

THE PHISHING EMAIL

Gmail users received an email (from a known sender) that was an invitation to view a shared Google Doc. After clicking the link in the invitation email, users were directed to a legitimate “Google – Choose An Account” screen, after which they were prompted to authorize Google Doc to access their Gmail account.

Simply click “Allow”…  With no login prompt…

Sound suspicious yet?

THE HACK

At this point, it was not Google Docs requesting access – but actually a malicious app.  As Reddit carefully detailed, this hack would actually:

  1. Bypass any 2-factor authentication controls
  2. Scour your Gmail contacts list, and replicate itself by sending emails (on your behalf) to everyone you’ve ever emailed
  3. At this point, it would also have access to your Gmail account, including the ability to read previous messages

THE PROTECTION

SonicWall™ Email Security now integrates with the Capture Advance Threat Protection service, to deliver fine-grained and user-transparent inspection of SMTP-based traffic. The cloud-based Capture ATP service can scan a broad range of email attachment types, analyze them in a multi-engine sandbox, and block dangerous files or emails before they reach your network. SonicWall Email Security with Capture ATP gives you a highly effective and responsive defense against email-borne threats, including ransomware, phishing, spoofing, spam and viruses.

WHAT ELSE YOU CAN DO

To avoid phishing scams, below is a refresher on what you can do to not fall prey:

  • Don’t click on URLs in emails without checking its full path and understanding where it is leading to.
  • Don’t download any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft etc.,) website to download plug-ins
  • User 2-factor authentication, wherever possible

Finally, if you were a victim of this attack, following are a few steps you can take to resolve the situation.

  • Go into your Google Account Permissions page and remove access privileges for the Google Docs account
  • Google also encourages users to report phishing emails in Gmail

Lastly, test your knowledge on all-things-Phishing related by taking the SonicWall Phishing IQ Test… and avoid being scared of emails!

Download Solutions Brief: What your next-gen email security needs to stop advanced threats.

Download Tech Brief

Evolution of Email Threats: The Rise of Ransomware, Spear Phishing and Whaling Attacks 

/0 Comments/in /by

Email has been around since the 1970s. Today, everyone and every business uses email for their communications. To put things in perspective, according to Radicati group – 122 business emails were sent and received per user per day in 2015! That is a lot of email for humans to process without making a bad judgement call. It has also become the vector of choice for threat actors to initiate advanced phishing campaigns.

Spam emails were the first form of email borne threats and the first documented email spam attack happened in 1996. Spam was unwanted mail that clogged up people’s inboxes. Malware was sent using spam emails to try to get confidential information or exfiltrate data. Spam was been seen as more of an annoyance.

Over the years, email-borne threats have transitioned to disruption of businesses and services. Today the attacks are more sophisticated and targeted, resulting in financial and reputation loss. It has become easy for hackers to monetize their attacks using zero-day malware, which is available on the dark web marketplace. Attacks such as ransomware and spear-phishing have a direct impact on an organization’s bottom line.

Threat actors used phishing tactics and sent mass email campaigns to try to dupe unsuspecting victims. These were mass email campaigns with a low success rate. Today, attackers carry out targeted and focused tactical email campaigns as part of a spear phishing attack. Social engineering plays a big part in phishing campaigns today.

Reports indicate that phishing campaigns now use ransomware and zero-day malware is the next evolution in phishing. According to the 2017 SonicWall Threat Report the most popular payload for malicious email campaigns in 2016 was ransomware, and the trend is expected to continue throughout 2017.

The top email-borne threats today are – ransomware, spear phishing and whaling or business email compromise.

Ransomware

Ransomware is a type of malware (usually zero-day on unknown) that is designed to encrypt data and block access to a computer system until a sum of money is paid.

According to a study conducted by SANS Institute, Ransomware delivered through phishing emails has emerged as the most identified type of attack for those organizations that had experienced a           breach. This is in line with the findings of the 2017 SonicWall Threat Report, in which ransomware was found to be the payload of choice for malicious email campaigns.

Another study conducted by that Osterman research group shows that nearly one-half of companies in North America were a victim of ransomware in the last 12 months. And no surprises here, as nearly 60% of ransomware was delivered through emails either using malicious links or malware-ridden attachments.

Ransomware is quickly becoming an epidemic for organizations worldwide.

Spear Phishing

Spear phishing attacks are targeted socially engineered campaigns designed to trick unsuspecting employees. Attackers create fake profiles on social media and networking sites to gather information and launch targeted email attacks in the future.

According to SANS 2016 Threat Landscape Survey, spear phishing and whaling are significant forms of attacks reported. Another survey by Cloudmark estimates that the cost of a spear phishing attack is 1.6M and 73% of companies acknowledge that spear phishing poses a significant threat.

Business Email Compromise (BEC)

BEC emails spoof trusted domains and imitate brands and corporate identities. In many cases, the emails appear from a legitimate trusted sender or from the company CEO typically asking for wire transfer of money.

According to the FBI – BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

This is a very real and a growing issue. The FBI has put up a public service announcement saying that BEC is a 3.1 billion dollar problem. Even the IRS has recently put up a notice on its website to educate people regarding this form of threat.

Today’s advanced threats require a new set of email security features in addition to the traditional capabilities. A multi-layered email security solution ensures protection to protect business communications. Businesses need a next-generation email security solution that offers comprehensive threat prevention capabilities.

Read our solution brief: What Your Next-Gen Email Security Needs to Stop Advanced Threats – to learn what your email security solution needs to block today’s advanced email-borne threats.

Read solution brief

General Availability of SonicWall Email Security 9.0 with Capture ATP at Virtual PEAK 2017

/0 Comments/in /by

SonicWall Email Security 9.0 with Capture ATP Service is available worldwide today. Leveraging a highly-scalable and redundant architecture, SonicWall Email Security 9.0 integrates with our award-winning Capture Advanced Threat Protection (ATP) Service, to deliver a cloud-based, multi-engine sandbox that not only inspects email traffic for suspicious code, but also blocks ransomware, zero-day and other malicious files from entering the network until a verdict is reached. I am excited to be joining hundreds of our channel partners for SonicWall’s Virtual PEAK 2017 this Thursday, March 2, 2017 from 8 am to 1 pm Pacific time. Learn more about all of SonicWall solutions and Email Security 9.0 that continues to offer an array of deployment options, including on-premises appliances, virtual machine, software and cloud-hosted solutions.

SonicWall Virtual Peak Keynote Speakers at Virtual PEAK 2017

According to the 2017 SonicWall Annual Threat Report, ransomware attacks grew at a tremendous rate in 2016 with email as one of main attacks vectors used by cyber criminals. Our response to this growing threat is SonicWall Email Security 9.0, which integrates our award-winning Capture Advanced Threat Protection Service.

SonicWall Email Security 9.0 with Capture Advanced Threat Protection Service provides comprehensive next-generation email security protection to prevent ransomware and emerging zero-day attacks.

This exciting new release demonstrates SonicWall’s continuing efforts to enhance our security portfolio and introduce innovation to our solutions to protect customers against new and evolving threats in 2017 and beyond.

Innovative features of SonicWall Email Security 9.0 include:

  • Advanced Threat Protection: Integrates Capture cloud-based sandboxing technology for detection of zero-day threats such as ransomware, for fine-grained inspection of SMTP traffic
  • Next-generation Email Protection: Incorporates anti-spam, anti-virus and anti-spoofing functionalities to not only detect and prevent spam and other unwanted email, but also scan email messages and attachments for ransomware, Trojan horses, worms and other types of malicious content.
  • Improved Office 365 Support: Enhances security by for multi-tenant environments by providing a method for ensured, mapped delivery of emails for SonicWall Hosted Email Security environments
  • Updated Line of Appliances: Refreshes SonicWall’s line of Email Security hardware appliances, helping customers to better face threats delivered by email.
  • Encryption Protection: Supports not only SMTP Authentication, but also the encryption service feature enables any email containing protected data to be automatically encrypted, routed for approval or archived.
  • Policy and Compliance Management: Enables an administrator to enact policies that filter messages and their contents as they enter or exit the organization. This allows organizations to meet regulatory requirements based on government legislation, industry standards or corporate governance activities.

SonicWall ESA Series at Virtual PEAK 2017

To learn more about Email Security 9.0, be sure to attend the upcoming SonicWall Virtual PEAK 2017, March 2, 2017. Join my session: Using SonicWall Email Security 9 with Capture ATP to Drive New Opportunity at 8 am. Don’t miss this opportunity to network and learn from our experts and your peers. Register today!

SonicWall Virtual Peak