The United States government recently formally charged a North Korean hacker in the infamous 2014 Sony phishing attack. Although the Sony attack is old news, the criminal complaint provides new insight into the hacker’s phishing campaign assembly line, insight we can use to better defend against attacks. The complaint makes it clear that the hacker has a “playbook,” consisting of phishing methods and tactics that easily bypass cybersecurity defenses. These were used and reused by the hacker, over several years, to successfully attack many victims, including entertainment companies, financial institutions, defense contractors, and others. The playbook enabled this hacker to extract information and steal money, inflicting significant damage on victims.
In football, a playbook can make or break a team. If you can get hold of your opponent’s playbook, you have a huge advantage. Instead of waiting for your opponent’s next move, scrambling to respond and hoping for the best, you can preemptively execute a defense that stops opponents in their tracks.
So what lessons can we learn about phishing attack defense by studying the playbook outlined in the North Korean hacker criminal complaint?
Email authentication can’t protect against phishing attacks.
The hacker established multiple accounts with email service providers, such as Gmail and Hotmail, to send spear-phishing emails to victims and receive exfiltrated data from victims’ systems. Because the email service providers that the hacker used to send email comply with the latest email authentication standards (DMARC), the hacker’s phishing emails easily passed the victim’s email authentication security checks. Email authentication isn’t a reliable way to protect against phishing email because it’s just as easy for bad guys as it is for good guys to establish and use email accounts that pass authentication checks.
Hackers reuse email accounts across campaigns.
The North Korean hacker used and reused the same email accounts to execute campaigns against multiple organizations and industries, including campaigns against Sony, Bangladesh Bank, Lockheed, and others. By proactively tracking hacker activity and the email accounts that hackers use and reuse to execute attacks, security providers have better insight into malicious sender accounts before phishing campaigns launch and can better protect customers from spear-phishing attacks.
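The two points above, as an added example that is not from the original post or from any vendor's product: a triage function in which a DMARC pass is never treated as a clean verdict, and a sender account already tied to earlier campaigns is blocked even though it authenticates. The addresses, the freemail.example and victim.example domains, and the watchlist are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed watchlist: sender accounts observed in earlier campaigns (hypothetical).
TRACKED_SENDERS = {"recruiter.hr01@freemail.example"}

# Constructed sample messages; mx.victim.example stands in for the receiving gateway.
SAMPLES = [
    # 1. Reused campaign account on a provider that authenticates correctly.
    "From: HR Recruiter <Recruiter.HR01@freemail.example>\n"
    "Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=freemail.example;\n"
    " dkim=pass header.d=freemail.example; dmarc=pass header.from=freemail.example\n"
    "Subject: Job application\n\nPlease see the attached resume.\n",
    # 2. Unknown account on the same provider: also passes DMARC.
    "From: Pat <pat.lee@freemail.example>\n"
    "Authentication-Results: mx.victim.example; dmarc=pass header.from=freemail.example\n"
    "Subject: Lunch\n\nSee you at noon.\n",
    # 3. Spoofed corporate domain: the case DMARC is actually designed to catch.
    "From: CFO <cfo@victim.example>\n"
    "Authentication-Results: mx.victim.example; spf=fail; dmarc=fail header.from=victim.example\n"
    "Subject: Wire transfer\n\nUrgent.\n",
]

DMARC_RE = re.compile(r"\bdmarc=(\w+)", re.IGNORECASE)

def dmarc_result(msg):
    """Return the DMARC result recorded in Authentication-Results, or 'none'."""
    # In production, only trust this header when your own gateway added it.
    match = DMARC_RE.search(msg.get("Authentication-Results", ""))
    return match.group(1).lower() if match else "none"

def triage(raw):
    """Classify one raw message; authentication is one signal, not the verdict."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    dmarc = dmarc_result(msg)
    if sender in TRACKED_SENDERS:
        verdict = "block"        # known campaign account, even with dmarc=pass
    elif dmarc != "pass":
        verdict = "quarantine"   # domain spoofing or unauthenticated mail
    else:
        verdict = "continue"     # authenticated only: still needs content analysis
    return {"sender": sender, "dmarc": dmarc, "verdict": verdict}

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```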
Hackers use compromised systems to execute attacks.
The North Korean hacker compromised multiple reputable systems, and then used those systems to execute the attacks. Compromising and using reputable systems to execute attacks helps hackers evade detection by the victim’s security defenses. Security vendors that proactively track hacker activity in the wild can detect the compromised systems that the hacker uses and reuses for attacks, and can better protect customers from malicious traffic originating from those compromised systems’ IPs or domains.
Hackers continually craft new malware but reuse code.
Similar to any good developer who takes pride in his or her work, a hacker reuses their code across campaigns. If it’s working, why change? The malware used by the North Korean hacker, although mostly unique for each campaign, reused some code across malware payloads. By proactively tracking hacker activity and analyzing associated malware payloads, security providers can discover patterns. Those patterns can then be used by security providers to analyze customer web downloads and email attachments to detect and protect in seconds against the hacker’s newest, previously unseen malware payloads.
As shown above, the security industry can take a lesson from football strategy: threat actors too have a playbook. They figure out the plays that work—those that easily bypass cybersecurity defenses—and use those plays over and over again. If the defense can’t stop your star running back, you’ll keep running down the middle, and likewise, if targeted victims keep clicking a hacker’s credential harvesting phish, the hacker is going to keep sending it.