Story image

Email prime target for cyber attacks, FirstWave responds with domain filter

20 Apr 2016

In response to increasing number of attacks targeting email, such as the C-Level Impersonation filter and other ‘whaling’ attacks, FirstWave Cloud Technology has launched a Typo Domain filter on its ESPTM Mail cloud security platform.

This new filter has been designed to deflect and block sophisticated email phishing threats targeting the wider attack surface of email users at any organisation level in the enterprise, according to a statement.

According to FirstWave, cyber attackers can take advantage of Internationalised Domain Names (IDNs) with special character sets to create and send phishing emails from servers using legitimately-established domain names - these are indistinguishable to most recipients from well-known or trusted domain names. Attacks such as this are sometimes known under the banner of homograph attacks or imposter email attacks.

FirstWave says attackers can apply this technique and use a homograph of a company’s own domain name or names to trick employees of that company to accept and click on links in emails that appear to be legitimately coming from within their own organisation.

The majority of existing email security and phishing filters cannot assure they will block such an attack, according to the company. Standard sender domain authentication techniques used by email transport nodes and email security gateways, such as SPF and DKIM, can be penetrated because these homograph domains can appear authentic in the DNS system.

To provide a broad yet enterprise specific defence against this form of attack, FirstWave Cloud Technology’s Typo Domain filter uses advanced ‘fuzzy matching‘ software library algorithms in its ESPTM Mail platform, tested against a wide range of homograph domain attack scenarios. As such, the filter is designed to provide high protection efficacy and very low false positives.

According to FirstWave, the Typo Domain filter will automatically protect all customer domains already configured on the FirstWave cloud Mail security service, without the need for any customer administrator configuration action.

Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."