Business email compromise without phishing

Submitted by Nick on Wed, 11/28/2018 - 08:49

Buisness email compromise and email account compromise are on the rise, there's no doubt about it. With over $12 billion in losses since 2013, it's also an extremely lucrative attack vector for the bad actors. With all the work that goes into social engineering these types of attacks, it's no wonder attackers have started looking into less strenuous methods for compromising the systems and addresses that they are targeting. 

I know I never thought of this, but I can say that I'm not surprised that someone did. There's another attack vector coming into play, email archives. We all take these treasure troves of information for granted. We have emails that pile up until our allotted server space is gone, then we start archiving old emails. After that does anyone really need to get into these emails? I know I have never accessed an archive after I've done the backup. Unless that data needs to be saved because of regulatory reasons, I would say no. 

Most email servers, should have some sort of data retention setting, and unless data needs to be saved for a specific amount of time, I would recommend utilizing this setting and removing archiving options on the workstation side, if possible. This will allow you to keep your regular backups, but it will also ensure that those backups are done by personnel with security in mind. It will also ensure that email information is not accessible outside of the security measures of IT.

KnowBe4 has more info on this topic in the link below.