Our team is currently involved with a case at a university where IP addresses are continually landing on the blacklists of several security providers, due to their mail system being identified as a threat. This leaves us with two questions: What happened? Why did it happen? One possibility is that an employee working remotely clicked on something that turned out to be ransomware. Either that or the attackers found out that the mail server can be used to send further mails to find more potential targets.
What does an attack look like? It is usually carried out using an e-mail with an attached file. One click and malicious code is loaded onto the system. At that point it’s mostly too late. But how can we prevent this? Visibility is key. Using a Postfix mail server as a mail gateway may give you a mail log, but it won’t protect you. And even if there is some protection, most admins don’t actually read through log files all day.
In the case above, we had to find the cause of the problem and investigate which precautions could be taken to prevent similar cases in the future. Our solution? We use a system that creates visibility. It helps us to understand where e-mails are coming from and where they are going to. If you combine this with the right protection, you are looking at a secure system.
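As an added example (not part of the original post and not Trend Micro code), the following Python script shows the kind of visibility a raw Postfix log can give without anyone reading it line by line: it ties each authenticated submission to its recipient count and flags accounts that send to unusually many recipients or from several client IPs. The log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (not taken from the case above).
SAMPLE_LOG = """\
Mar  4 02:11:01 mx1 postfix/smtpd[2101]: 3A1F0C2001: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=j.doe@uni.example
Mar  4 02:11:01 mx1 postfix/qmgr[911]: 3A1F0C2001: from=<j.doe@uni.example>, size=4312, nrcpt=180 (queue active)
Mar  4 02:13:40 mx1 postfix/smtpd[2107]: 3A1F0C2002: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=j.doe@uni.example
Mar  4 02:13:40 mx1 postfix/qmgr[911]: 3A1F0C2002: from=<j.doe@uni.example>, size=4298, nrcpt=150 (queue active)
Mar  4 02:43:40 mx1 postfix/qmgr[911]: 3A1F0C2002: from=<j.doe@uni.example>, size=4298, nrcpt=150 (queue active)
Mar  4 08:30:12 mx1 postfix/smtpd[2230]: 3A1F0C2003: client=pc17.uni.example[192.0.2.10], sasl_method=PLAIN, sasl_username=a.smith@uni.example
Mar  4 08:30:12 mx1 postfix/qmgr[911]: 3A1F0C2003: from=<a.smith@uni.example>, size=1820, nrcpt=2 (queue active)
Mar  4 08:31:05 mx1 postfix/smtpd[2231]: 3A1F0C2004: client=mail.partner.example[192.0.2.55]
Mar  4 08:31:05 mx1 postfix/qmgr[911]: 3A1F0C2004: from=<info@partner.example>, size=900, nrcpt=1 (queue active)
"""

SASL_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=[^\[]*\[([^\]]+)\].*sasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def outbound_by_account(log_text):
    """Sum messages, recipients and client IPs per authenticated (SASL) sender."""
    owner = {}  # queue ID -> (sasl_username, client IP)
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            owner[m.group(1)] = (m.group(3), m.group(2))
            continue
        m = QMGR_RE.search(line)
        if m:
            # qmgr logs "queue active" again on every retry of a deferred
            # message; pop() counts each queue ID once. Unauthenticated
            # (inbound) mail has no owner entry and is skipped.
            user, ip = owner.pop(m.group(1), (None, None))
            if user:
                stats[user]["messages"] += 1
                stats[user]["recipients"] += int(m.group(2))
                stats[user]["ips"].add(ip)
    return stats

def flag_accounts(stats, max_recipients=100, max_ips=1):
    """Return accounts exceeding the (assumed) recipient or client-IP limits."""
    return sorted(u for u, s in stats.items()
                  if s["recipients"] > max_recipients or len(s["ips"]) > max_ips)

if __name__ == "__main__":
    for user in flag_accounts(outbound_by_account(SAMPLE_LOG)):
        print("review account:", user)
```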
Trend Micro’s Deep Discovery Email Inspector does just that. It uses innovative technology such as sandboxing and white and blacklists to recognise and deflect spear-phishing e-mails that are used to lure students and teachers into activating dangerous and complex malware and ransomware. Each e-mail attachment is subject to a virus test and it’s possible to control where these mails are headed and what exactly is allowed to happen.
Email Inspector is integrated downstream of the e-mail gateway. The solution recognises and removes spear phishing e-mails that carry out attacks via malicious attachments and URLs and other complex threats and ransomware. This offers some obvious advantages for educational institutions such as more all-round protection thanks to transparency, extensive recognition technology and high flexibility.
What’s more, 99.3 % of all attacks are carried out via e-mail—whether in the public sector, at universities or schools, or in private enterprises. Opening a malicious e-mail is not only stressful, but also consumes time and money—making a good backup essential.
We’ve also recommended our customers ensure that the topic of e-mail security plays a role for employees, as this is vital in preparing them for future attacks. The decision was made to inform users regularly about any suspicious activity and incidents by e-mail.
If the attack is successful, the company should ask itself where the attack came from. How far do we have to roll back to run a clean system again? The most important question, however, is how do I get my systems secure again?
Generally, you should always stick to holistic approaches. In places where dual vendor strategies were followed a few years ago, it may now make sense to unify communications and exchange of information on the product.
Let’s say, for example, while scanning e-mails, a file was found that contains malicious code. This information can be passed on to the AV endpoint that will then search the systems for this file and remove any traces of it.
Would you like to find out more about security solutions by Trend Micro for the education sector? Then please get in touch with us.