Until now, email has been one of the easiest routes for attackers trying to breach an organization’s security. Email systems span organizations and connect everyone internally. They’re also the most heavily used applications in most organizations. They contain a vast amount of valuable data for an attacker, and the humans who use email are just that—human. They are prone to click on inviting email links or open legitimate-looking file attachments, and when they do, the attacker gains a foothold in the enterprise environment. From there, he works to find email credentials and reach the email servers.
Attackers often use automated tools to harvest data from email messages. They’re looking for passwords—like those you email to yourself so that you can save them and not forget them—or script files and other credentials. When they find that information, they have valuable intelligence that helps them move laterally and advance toward more valuable data.
Email data deceptions are the latest addition to the illusive deception stack of data, network, endpoint, and application deceptions. illusive email data deceptions embed deceptive information in real email clients. After the attacker scrapes the data and tries to use it to move laterally, illusive detects the attack and generates an alert. Email deceptions appear to attackers but not to valid users, so deceptions don’t interfere with normal work.
Data deceptions are the most difficult to do well, according to top analysts. They must blend seamlessly into the customer’s normal email environment, be indistinguishable from real email content, interact with the attacker, and mirror the activity of real users. They also have to work well with other deceptions that are deployed in order to be credible.
All illusive deceptions, including email data deceptions, also encompass the dimension of time. They are automatically orchestrated to change over time, helping prevent attackers from returning to the environment and using the information they previously gathered to successfully attempt re-entry. The APT attacker thinks he understands the environment, but in reality, the deceptions have changed and he must start over, although he doesn’t realize it.
With this breakthrough, illusive has again set the bar high for attackers. For more information about our Email Data Deceptions, contact us