Report 2014 - E-mail Security Threats Cause Unprecedented Challenges

According to research and statistics from CGAC (Cellopoint Global Anti-spam Center), the amount of spam in 2014 decreased compared with 2013. However, the threat and risk of cyber attacks have grown dramatically. Among these, social engineering techniques are the ones most commonly used by hackers and in corporate espionage.

CelloLabs pointed out that although the total volume of spam has decreased, more and more spam is breaking through to mailboxes. This indicates that traditional anti-spam and anti-virus are not enough to fight these unknown threats. Hackers and spammers use evasion techniques to bypass firewall, IPS, anti-spam, and anti-virus mechanisms, which is the first of the three APT lifecycle phases. They target the recipients and try to infiltrate their mailboxes.

The CelloConsult team said that more than 90% of hacked customers had already installed security protection on their servers. However, the use of social engineering has increased significantly and improves the penetration of phishing emails. Hackers are no longer adding hyperlinks to the contents of their emails, which makes the emails harder to detect and intercept.

Looking at spam trends in 2014, we see that:

- 95% of emails in the 1st semester were spam,
- 91% in the 2nd semester,
- 87% in the 3rd and 85% in the 4th.

Although the proportion of spam is decreasing, the damage is severe, and it is a bigger risk that IT managers and CIOs will face in 2015.

Cellopoint’s Marketing Director mentioned that over the past decade the SEG (Secure Email Gateway) market has undergone a huge evolution: from traditional anti-spam and anti-virus, to more specific and sophisticated requirements such as email encryption and DLP in the last three years, and finally to this year, 2014, when protection against APT and advanced malware became a must-have feature in an SEG in order to provide more complete protection to every organization.

Analysis shows that the first step is to target recipients with phishing mails and prompt them to open an attachment or click on a hyperlink. Once they do, the second stage is to initiate the callback to C&C hosts and automatically download a virus. For instance, after passing through a normal port 80 connection, the APT attack starts to download malware automatically.

The third stage of the APT attack lifecycle is parallel proliferation and file penetration to other hosts, including other important file servers and computer terminals. This is a threat not just to Windows, but also to other servers, such as Linux and Mac OS. Mobile devices (Android and iOS) are the next potential target for APT attacks.

In addition to running an APT check to find vulnerabilities, defense strategies should be put in place to protect your data from the three phases of an APT attack. Then, if you have a limited annual budget, you can make the most cost-effective decision to protect your confidential information.