Cellopoint Email Security Predictions for 2016

According to report analysis from the previous year, CelloConsult experts announced 3 email security predictions for 2016. Proven by past events, security threats constantly change and present new challenges ahead.

Ransomware continues cause damage

In 2015, Cellopoint team received many customer complaints about ransomware attack. First, the virus force-locks files on the victim's computer. Then, a message pops up demanding a ransom in exchange for the key to unlock the computer, which caused lot of problems for companies as well as end users.

CelloConsult experts point out that ransomware will remain a major and rapidly growing threat in 2016. Although the first version of ransomware appeared 20 years ago, the threshold of threat decreases and new variants spread every year. According to our analysis, 70 percent of ransomware is spread through phishing emails that contain malicious links and then driven by users clicking the links. Other ransomware attacks are performed through toolkits or other methods such as shared files on USB, Microsoft My Network Places, Dropbox or instant messaging softwares. Besides the common ransomware like CryptoLocker and CryptoWall, new versions are likely to emerge in 2016. CelloConsult experts urge IT administrators to remain vigilant at all times and lay out monitoring methods such as gateway protection, end point protection or SIEM.

Targeted attacks become the norm

At the end of 2014, CelloConsult experts estimated that APT attacks will become the mainstream way of attack in 2015. In retrospect, social engineering attacks were indeed a major issue in the previous year. A cross-country financial crime was discovered in the beginning of 2015. Criminals began by gaining entry a bank employee’s computer through email phishing, infecting the victim with the Carbanak malware. This way, they gained access to the bank's internal network and were able to remotely monitor transaction processes. The criminals have attempted to attack up to 100 banks and other financial institutions in around 30 countries and have stolen over 500 million dollars.

In August 2015, the online dating site Ashley Madison was hacked and its 37 million user accounts and information were exposed. Most recently, Hong Kong toy manufacturer VTech found itself under a serious cyber attack that put sensitive data about children at risk.

This sort of news never seems to end. CelloConsult specialists predict that in 2016, hackers will also use employees’ curiosity and negligence to send phishing attacks. The use of social engineering tactics can effortlessly evade any existing filter mechanism in corporate networks. It's suggested that besides implementing firewall and secure email gateways, corporations should allocate an additional part of their budget to conduct social engineering tests to train and prevent their staff from being deceived by phishing techniques.

Attacking Smartphone

It is estimated that in 2016 more than a quarter of the total global population (2 billion people) will be using smart phones. For many, mobile appliances are their first and only Internet-connected devices. Hackers have recognized this tendency and are also shifting to the mobiles. In addition to phishing techniques, hackers are starting a new trend of free apps that download malware.

Once a malware is installed in the device, it will be called back to the C&C server to implant trojans. In this scenario, hackers can obtain higher administrative privileges and steal confidential data such as bank accounts, passwords and other information in the phone. CelloConsult experts advise that users remain highly cautious when downloading unknown apps to avoid any unnecessary damages. Also, a secure network gateway should be implemented in your email server to ensure maximum security when receiving new messages.