Cellopoint Email URL Detection and Defense

According to an investigative analysis report published by the U.S. FBI in October 2016, the United States, along with more than 100 countries around the world, continued to suffer large-scale email fraud, with total losses of up to 3 billion US dollars. Therefore, the United States Department of Homeland Security (DHS) designated October as National Cyber Security Awareness Month (NCSAM) to publicize the severity of the damage that Business Email Compromise (BEC) causes to enterprises, governments and organizations.

The modus operandi of BEC is to penetrate the email accounts of a company's CEO, CFO and financial personnel using social engineering emails with malicious URLs and attachments. After penetrating these critical mailboxes, the criminals monitor the communication records in them over a long period, paying particular attention to business trip, travel and vacation schedules, the details of the company's financial transactions and the dates of the company's regular wire transfers. Once the CEO actually goes on a business trip or takes a vacation, the criminals seize the opportunity to impersonate the CEO and email the company's CFO or financial personnel to request a fake urgent wire transfer. This causes an unauthorized transfer of funds and a great loss of money. This approach is different from the criminal behavior of ransomware.

The situation described above continued in 2016 because a conventional Secure Email Gateway (SEG) that provides only anti-spam and anti-virus functions cannot effectively filter and detect advanced targeted attacks. Therefore, the Cellopoint Next Generation Defense Platform offers two brand-new Advanced Persistent Threat (APT) Defense Engines with CelloOS 4: Email Attachment Sandbox Detection and Email Content URL Detection.

This press release mainly introduces the second defense engine: Email Content URL Detection and Defense Module, which can effectively detect the following two kinds of malicious URL threats.

  • URLs in Phishing Emails: These URLs deceive recipients into clicking links that connect to phishing websites, which induce them to enter personal information such as account names, passwords, credit card numbers, and so on.
  • Malicious URLs: Once recipients click a malicious URL, they are redirected to a malicious website. These websites often look legitimate, but they have malware and trojans hidden in their pages. The crime groups attempt to install malware, gather the victims’ personal information or gain total access (Command and Control, C&C) to the victims’ devices.

The Anti-APT for URL Detection Module of CelloOS 4 contains the following two-stage detection:

First Stage (Static Database Comparison): CelloCloud generates millions of the latest global threat intelligence (TI) records on phishing URLs and malicious URLs for the system to compare against. Once an email matches a TI pattern, it is placed in the quarantine area. Administrators can set up quarantine notifications so that recipients are notified automatically.

Second Stage (Dynamic URL ToC Scanning): To protect against unknown, suspicious or malicious URL links, Cellopoint SEG rewrites the links so that they go through CelloCloud for real-time examination (URL Time-of-Click Check). The URLs are examined at the moment users click them. If a link is unsafe, the users are warned not to visit the site or informed that the site has been blocked by Cellopoint SEG.
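The two stages above can be sketched as follows. This is an added illustration, not Cellopoint's code: the check endpoint, signing key, feed format and function names are assumptions. It shows why the click-time check matters (a link that is clean at delivery can be blocked later) and why a rewritten link should be signed so the check service cannot be abused as an open redirect.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

SECRET = b"constructed-demo-key"                  # assumption: key held by the gateway
CHECK_ENDPOINT = "https://toc.example.invalid/c"  # hypothetical time-of-click service
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def normalize(url):
    """Reduce a URL to 'host/path' (host lowercased) for feed lookups."""
    parts = urlsplit(url)
    return f"{parts.hostname}{parts.path.rstrip('/')}"

def _sig(url):
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()

def process_email(body, ti_feed):
    """Stage 1: quarantine on a TI match. Stage 2: rewrite the remaining links."""
    if any(normalize(u) in ti_feed for u in URL_RE.findall(body)):
        return "quarantine", body

    def rewrite(match):
        url = match.group(0)
        return f"{CHECK_ENDPOINT}?u={quote(url, safe='')}&s={_sig(url)}"

    return "deliver", URL_RE.sub(rewrite, body)

def on_click(rewritten_url, ti_feed):
    """Time-of-click check: verify the signature, then consult the current feed."""
    query = parse_qs(urlsplit(rewritten_url).query)
    target = query.get("u", [""])[0]
    sig = query.get("s", [""])[0]
    if not hmac.compare_digest(sig.encode(), _sig(target).encode()):
        return "reject", None   # tampered link: never redirect to an unsigned target
    if normalize(target) in ti_feed:
        return "block", None    # the feed learned about this URL after delivery
    return "redirect", target

if __name__ == "__main__":
    # Constructed sample message and feed entries
    verdict, body = process_email("See http://files.partner.example/inv.pdf", set())
    link = URL_RE.findall(body)[0]
    print(verdict, on_click(link, {"files.partner.example/inv.pdf"}))
```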

Since developing anti-spam technology and a global sender IP reputation database ten years ago, Cellopoint has evolved to keep up with the ever-changing cyber crime landscape. We now focus further on the study of cyber crime behavior and the collection of global threat intelligence. Through big data correlation analysis and machine learning, we extract useful threat information and deliver it to our global customers instantly, which helps keep their IT defenses advanced and reduces business operational risks.

If you need further information or if you would like to purchase Cellopoint service, please email: sales@cellopoint.com

Reference Material:
FBI 2016.10.07 Press Release: Business E-mail Compromise Scams Cost Businesses Billions of Dollars https://www.fbi.gov/contact-us/field-offices/saltlakecity/news/stories/business-e-mail-compromise-scams-cost-businesses-billions-of-dollars