SMX Limited, New Zealand’s largest cloud email security company, has launched new software enhancements to its SMX SmartRules® software designed to protect against sophisticated email phishing fraud.
SMX Chief Technology Officer, Thom Hooker, says sophisticated variations of phishing (or targeted email attacks) – termed ‘spear phishing’ and ‘whaling’ respectively – represent the most serious cybersecurity threat currently facing New Zealand businesses and organisations.
“There are companies out there right now losing substantial amounts of money, confidential information, or both. A number of law firms have been hit particularly hard,” Hooker says.
Spear phishing and whaling are forms of targeted email attack, or phishing, Hooker explains, where a combination of social engineering and email spoofing techniques is used to steal money or confidential information from businesses – and it is becoming increasingly prevalent.
Spear phishing targets a group of people – for example, employees or customers of a specific company, or even a specific person.
Whaling is a variation of spear phishing that targets high-level executives with the objective of conning them into sharing confidential company information. A fraudster may, for example, identify key executives with funds transfer authorisation, and send counterfeit emails authorising funds transfers, using those executives’ details.
To combat both spear phishing and whaling attacks specifically, SMX has developed new algorithms and new ‘rules’ have been added to SMX’s SmartRules® module, Hooker says. These allow SMX, or an organisation’s IT department, or an external IT service provider, to create and apply new rules and supporting processes to protect identified likely or known spear phishing or whaling targets within an organisation.
New functions have also been enabled on SMX's email security filters to further interrogate the metadata associated with each email. These new features detect and remove spear phishing and whaling attacks in real time from SMX's customers’ email flow without the end-user needing to enable them.
For example, Hooker says, whaling and spear phishing attacks rely on a mismatch between what the target sees in their mail client and what is ‘parsed’ by the mail server. By providing SMX with a list of potential spear phishing and whaling targets and victims, along with the normal email addresses they send from, SMX's DLP (data loss prevention) engine is configured to block or quarantine any emails which have mismatches.
For very high risk whaling targets, an even more stringent layer can be added where only authorised email addresses are allowed through the filters. This does require creating and maintaining a list of authorised addresses associated with each target. However, once this rule is set up maintenance is only required when list members change and this can be carried out by the customer's IT team with minimal training.
“The bottom line is that email security has to be dynamic and able to respond quickly with new defences to new threats as they emerge. A key strength of SMX is that as a cloud service we can implement new defences for all of our customers literally in real time,” Hooker says.