ProofPoint polices email for 'spear phishers'

Cybercriminals are increasingly launching drone-like attacks on companies, sending malicious emails tailored to specific executives or their underlings to go after high-value digital assets in the corporate network.

ProofPoint on Thursday unveiled a cloud service called Targeted Attack Protection (TAP) that defends against some forms of so-called advanced persistent threats. The service is aimed at intercepting hacker-sent emails that contain links to malicious websites that attempt to download malware or steal the victim's credentials.

TAP is a proxy server that sits in the cloud or on a customer's network, intercepting all email traffic before it reaches the mail server. All emails are analyzed and links in those deemed suspicious are rewritten, so if someone clicks on them, the request first goes through ProofPoint's server.

Once email is marked, the link remains altered, even if the recipient forwards the e-mail to someone else. It also doesn't matter whether recipients click on links from their home network or a mobile device.

Besides analyzing email, ProofPoint's server also checks the destination website for malware or web forms that would request a visitor's user name and password. Hackers often wait to activate such sites, so ProofPoint monitors them and stands ready to intercept malware.
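The link rewriting and click-time check described above can be sketched as follows. This is an added example, not ProofPoint's code: the redirector URL, signing key, sample message and `verdict_at_click` callback are all hypothetical or constructed.

```python
import base64, hashlib, hmac, html, re
from urllib.parse import parse_qs, urlencode, urlparse

GATEWAY = "https://clickcheck.example.invalid/v1"  # hypothetical redirector URL
KEY = b"constructed-demo-key"                      # constructed; load a real secret instead
HREF = re.compile(r'href="(https?://[^"]+)"', re.I)

# Constructed sample message body, not taken from any real campaign.
SAMPLE = '<p>Reset: <a href="http://login.example.test/reset?id=7&amp;x=1">here</a></p>'

def _sig(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """Gateway side: point each link of a suspicious message at the redirector."""
    def repl(match):
        url = html.unescape(match.group(1))
        if url.startswith(GATEWAY):      # forwarded mail: link is already rewritten
            return match.group(0)
        token = base64.urlsafe_b64encode(url.encode()).decode()
        query = urlencode({"u": token, "s": _sig(url)})
        return 'href="%s"' % html.escape(GATEWAY + "?" + query, quote=True)
    return HREF.sub(repl, body)

def resolve_click(link, verdict_at_click):
    """Redirector side: authenticate the token, then judge the destination now."""
    params = parse_qs(urlparse(link).query)
    try:
        url = base64.urlsafe_b64decode(params["u"][0]).decode()
        sig = params["s"][0]
    except (KeyError, ValueError):
        return ("reject", None)
    # Without this check the redirector would forward to any attacker-chosen URL.
    if not hmac.compare_digest(sig.encode(), _sig(url).encode()):
        return ("reject", None)
    if verdict_at_click(url) == "malicious":
        return ("block", url)
    return ("allow", url)

if __name__ == "__main__":
    rewritten = rewrite_links(SAMPLE)
    link = html.unescape(HREF.search(rewritten).group(1))
    print(rewritten)
    print(resolve_click(link, lambda u: "clean"))      # site still dormant at delivery
    print(resolve_click(link, lambda u: "malicious"))  # same link after activation
```

Because the verdict is taken when the link is clicked rather than when the message is delivered, a destination that is activated later is still caught, and the signed token keeps the redirector from being used as an open redirect.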

TAP includes a web-based dashboard for configuring alerts and getting more information on threats, such as whether they are targeting a single organization or a specific industry. Other information includes which individuals are being targeted and whether the attack is meant to download malware or steal credentials.

The shift to APTs is reflected in the steep decline in spam volume, which fell last year to the lowest level since 2007, according to Cisco's latest state-of-security report. Rather than send out massive amounts of spam to trap a small percentage of recipients, hackers are targeting specific people in organizations with information that fetches the best price on the black market. Those organizations include defense contractors, government agencies and international research groups.

To get the names of executives, hackers search regulatory filings and social media, such as Facebook and LinkedIn, said David Knight, executive vice president of product management and marketing at ProofPoint. Passwords to social media, such as those from the recent break-in at LinkedIn, are particularly valuable in so-called spear-phishing campaigns.

"Not only do I have names, but I know who is related to whom, because I can log in as you and I can see all your friends," Knight said. "Once I know who your associates are, I can send a message from an account that appears to be from trusted people in your network."

ProofPoint's TAP service is scheduled for release in the third quarter. An annual subscription will start at $18 per user.

While ProofPoint is focusing on APT, CloudPassage has introduced an authentication service for companies with applications running on virtual servers in cloud platforms, such as those run by Amazon and Rackspace.

GhostPorts SMS is an agent that is installed on a virtual server. When someone logs in with his or her user name and password from a browser, the agent sends a one-time password to the person's mobile phone. The temporary password has to be entered to gain access to the application.

GhostPorts SMS, also released Thursday, is available as part of the NetSec and Professional editions of CloudPassage's Halo cloud security platform, which also includes firewall automation, vulnerability scanning, intrusion detection and multi-factor authentication.

A basic version of Halo is available for free. The paid editions start at 3.5 cents per hour during the time a virtual server is active in the cloud.

Stories by Antone Gonsalves