Windows Ransomware Detection and Protection by Marius Sandbu
Author: Marius Sandbu
Language: eng
Format: epub
Publisher: Packt
Published: 2023-12-15T00:00:00+00:00
Securing email services
So far, we have looked at miscellaneous countermeasures and at what we can do for our Active Directory domain. The final aspect, and arguably the biggest initial attack vector for ransomware, is email.
In this book, we will focus on securing email related to Microsoft Office 365, although many of the techniques and features discussed here are also applicable to other email providers.
According to information from Statista, close to 3% of employees stated that they clicked on links that were sent in phishing emails: https://www.statista.com/topics/8385/phishing/#dossierContents__outerWrapper.
While 3% is not a high number, an attacker only needs one employee who leaks their account information to initiate a ransomware attack, or who runs malicious content on their machine.
Another attack vector we are seeing more of is Adversary-in-the-Middle (AiTM) phishing. In AiTM phishing, the attacker relays the user's login session through a proxy they control, capturing both the password and the session cookie that is issued after authentication. Because the cookie is issued after MFA has already been satisfied, the attacker can replay it and use the mailbox without triggering a new MFA prompt. From there they can launch Business Email Compromise (BEC) attacks against other targets.
A well-known tool for this is evilginx2, a reverse proxy that sits between the victim and the real login page and collects login credentials and session cookies. You can find it at https://github.com/kgretzky/evilginx2.
Microsoft 365 Defender can detect suspicious activities associated with AiTM phishing attacks and their subsequent actions, such as session cookie theft and attempts to access Exchange Online using stolen cookies. To raise the bar against these attacks, organizations should implement Conditional Access policies in addition to MFA. These policies can evaluate sign-in requests using additional identity-related factors such as user or group membership, IP location, and device status; requiring a compliant or hybrid-joined device, for example, blocks a replayed cookie from an attacker's unmanaged machine. Note that push notifications and one-time codes do not stop AiTM on their own, since the user completes them through the proxy; phishing-resistant methods such as FIDO2 security keys or Windows Hello for Business bind the authentication to the origin and the device and are the stronger choice.
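The detection described above, session cookie theft followed by use of the stolen cookie from somewhere else, can be approximated from sign-in logs. The following is an added example, not code from the book or from Microsoft 365 Defender: it groups sign-ins by session identifier and alerts when a session that was established interactively (with MFA) is later used non-interactively from a different autonomous system within a short window. The pipe-separated record layout, the ASN numbers, the two-hour window and the sample sign-ins are all constructed for this example; real Entra ID SigninLogs fields are named differently.

```python
"""Flag sessions whose cookie is replayed from a second network location shortly
after the interactive, MFA-satisfied sign-in. This is the pattern an AiTM proxy
such as evilginx produces: the victim authenticates through the proxy, then the
attacker imports the captured cookie into a browser elsewhere.

Added example, not code from the book or from Microsoft 365 Defender. The record
layout, ASN numbers and sample sign-ins are constructed for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

REPLAY_WINDOW = timedelta(hours=2)  # assumed: how soon after auth a replay is suspicious


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    session_id: str    # ties an interactive sign-in to later uses of the same cookie/token
    ip: str
    asn: int           # autonomous system of the source IP
    interactive: bool  # True for a sign-in the user performed, False for cookie/token reuse
    mfa: bool          # True when MFA was satisfied on this sign-in


def parse_line(line: str) -> SignIn:
    """Parse one constructed record: timestamp|user|session_id|ip|asn|interactive|mfa."""
    ts, user, sid, ip, asn, inter, mfa = line.strip().split("|")
    return SignIn(datetime.fromisoformat(ts), user, sid, ip, int(asn), inter == "1", mfa == "1")


# Constructed sample: S1 is an AiTM capture (auth through the proxy IP, replay from the
# attacker's network 13 minutes later); S2 is a legitimate token refresh on the same
# network; S3 changes network too long after the sign-in to match the window.
SAMPLE_LOG = """\
2023-11-02T08:01:00|alice@contoso.example|S1|203.0.113.10|64500|1|1
2023-11-02T08:14:00|alice@contoso.example|S1|198.51.100.77|64501|0|0
2023-11-02T09:00:00|bob@contoso.example|S2|192.0.2.5|64502|1|1
2023-11-02T09:30:00|bob@contoso.example|S2|192.0.2.9|64502|0|0
2023-11-02T10:00:00|carol@contoso.example|S3|192.0.2.20|64502|1|1
2023-11-02T15:00:00|carol@contoso.example|S3|203.0.113.99|64500|0|0
"""


def detect_session_replay(events: List[SignIn], window: timedelta = REPLAY_WINDOW) -> List[Dict]:
    """Return one alert per session whose cookie is used non-interactively from a
    different ASN than the originating sign-in within `window` of that sign-in."""
    by_session: Dict[str, List[SignIn]] = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_session.setdefault(e.session_id, []).append(e)

    alerts = []
    for sid, evs in by_session.items():
        origin = evs[0]  # earliest event in the session is the authenticating sign-in
        for later in evs[1:]:
            if (not later.interactive and later.asn != origin.asn
                    and later.ts - origin.ts <= window):
                alerts.append({
                    "user": origin.user, "session_id": sid,
                    "auth_ip": origin.ip, "replay_ip": later.ip,
                    "minutes_after_auth": int((later.ts - origin.ts).total_seconds() // 60),
                    "mfa_at_auth": origin.mfa,  # MFA was passed, yet the session is stolen
                })
                break
    return alerts


def alerts_from_log(text: str) -> List[Dict]:
    """Convenience wrapper: parse the constructed log text and run the detection."""
    return detect_session_replay([parse_line(ln) for ln in text.splitlines() if ln.strip()])


if __name__ == "__main__":
    for alert in alerts_from_log(SAMPLE_LOG):
        print(alert)
```

Two design points worth noting. First, in an AiTM capture the authenticating IP is the attacker's proxy, not the user's machine, so enriching `auth_ip` with ASN reputation (hosting providers, VPN exits) sharpens the signal further. Second, an ASN change alone is noisy for mobile users; requiring the later event to be non-interactive and within a short window of the original sign-in is what keeps the rule usable.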
Most phishing emails share the same basic structure and exhibit one or more of the following properties:
Request for personal information over email: such as asking for a username and password or other sensitive information.
A sense of urgency: stating that the user needs to take immediate action, for example to stop their account from being locked.
Links that redirect to unfamiliar websites and domains: the destination page may look familiar, but the URL is on a different domain from the one the link text or branding suggests.
Unsolicited attachments: these might be executables or Office documents carrying a malicious payload (such as a macro) that acts as the loader for the first stage of the malware.
Changes in the sender's email address: either the address is not the official one or it contains small deviations from the official domain name, such as Microsott.com instead of Microsoft.com.
Spelling or grammar mistakes (especially in emails forged in your native language): attackers often write a generic text and run it through a machine translator to target recipients in different countries.