BlackBerry ThreatVector Blog

Applying Zero Trust to Your Inbox

Human nature is one of the vulnerabilities attackers exploit most, and distractions during a busy workday only compound the issue. A distracted workforce is more likely to click on seemingly legitimate links and email attachments, and there's nothing like a global pandemic to distract people. This is why it is critical to have the right solutions in place to detect and block attacks via malicious emails.

Zero-Trust-focused solutions that leverage machine learning, a subset of artificial intelligence (AI), are a great tool for enterprises to stay a step ahead of the bad guys and protect employees who can easily make mistakes – especially when the attacks are sophisticated and the targets are preoccupied.

Spear-Phishing Attacks

A recent Wired article pointed out how prevalent malware-infected documents are in email attacks. "Currently, 56 percent of malware threats against Gmail users come from Microsoft Office documents, and 2 percent come from PDFs," the Wired story noted. "Kits for crafting malicious documents and tailoring them to evade antivirus scanners are readily available in online criminal forums, ranging in price from about $400 to $5,000."

Beyond attacks that leverage malicious links and documents in random spam email operations lies the greater threat from highly targeted and customized spear-phishing attacks. In these cases, attackers leverage everything they have been able to learn about an attractive target and then craft an email attack aimed at tricking someone who works with that target.

Attackers can use numerous means to gather open source intelligence on a target – simply combing social media sites can allow attackers to learn things like the names of direct reports or key associates of a CEO, for instance. Attackers then use this specific information to craft messages that sound credible, and these sorts of detail-rich spear-phishing emails have a far better chance of succeeding than generic, mass-distributed spam messages.

These spear-phishing emails can appear to be from a trusted source and contain very specific, detailed information, and are used to entice the recipient into clicking on a link to a malicious site or opening a malicious attachment.

Defending Against Spear-Phishing Attacks

How do you defend against these attacks? Solutions that leverage machine learning can stop these kinds of attacks from being successful even when employees are distracted or tricked by specially crafted emails.

BlackBerry® Spark leverages machine learning to analyze any executable based on millions of characteristics that identify a file as being malicious or benign, and then prevents malicious files from executing on an endpoint. This innovative technique renders malware, ransomware, and zero-day attacks ineffective at machine speed.

BlackBerry Spark also provides memory protection. The most common incidents where memory is abused for attacks involve a user browsing a malicious website or opening a malicious document that may come via email. When this happens, the attacker’s code can execute within the memory of the browser or document application without ever using an executable file.

Memory attacks are becoming the threat actor’s favorite tactic, precisely because they can be so difficult to detect and block without interfering with routine operations. BlackBerry Spark negates these attacks by proactively identifying and blocking attempts at memory exploitation, and it can also prevent the exploitation of the most common classes of vulnerabilities, such as buffer overflows and use-after-free bugs.

Another feature that BlackBerry Spark offers is script control, which prevents malicious scripts from running on devices. Script control examines the code and the script path to determine if the intent is malicious before the script can be executed.

BlackBerry Spark also secures function-specific devices through application control by allowing an administrator to develop a gold image for any device and apply a global lockdown to ensure the device does not change, preventing malicious binaries or modification of a benign binary.

Takeaways

Attackers take advantage of our human nature, especially how we behave when receiving or accessing important information from sources we assume to be trusted – they also take advantage of headline-making events like the Covid-19 outbreak.

It’s really important to remember that whether you’re the CEO or just someone trying to stay informed of the latest news on Covid-19, the potential to fall victim to a phishing attack is heightened. Make sure you have the right tools in place to be protected.

 

Ryan Permeh

About Ryan Permeh

Senior Vice President and Chief Security Architect

Ryan works within the office of the CTO to define technology strategy and architecture that will help integrate technology across BlackBerry and focus it towards reducing customer risk. Ryan has been in the security industry for over 20 years and has a long history in both offensive and defensive security. Ryan came to BlackBerry as part of the Cylance acquisition. He was co-founder and Chief Scientist of Cylance and led the architecture behind Cylance’s mathematical engine and groundbreaking approach to security. Prior to co-founding Cylance, he served as Chief Scientist for McAfee, focused on technology strategy, and as a Distinguished Engineer at eEye Digital Security, focused on building security assessment tools.

He has published numerous articles, papers, and books, and is a frequent speaker at conferences around the world on the topics of security, privacy, machine learning, and entrepreneurship. His research has led to numerous innovations in both offensive and defensive security technology and he has published over 20 patents in the security and data science fields. He is known as the discoverer and primary analyst of the “Code Red” computer worm and contributed to many other analyses of significant threats over his career.