Now we know what the battle is about: All you need to know about email security
The email has become a vital source of communication in both our personal and professional life since its creation. In 2020, over 300 billion emails were sent and received per day, and that number is likely to continue to climb in coming years. The bad news is that Email is also the main attack vector used by cybercriminals to distribute spam, malware, and phishing attacks, with phishing emails or malicious attachments sent to company employees accounting for more than one-third of all security incidents. The weakest link in the security chain is still email.
According to a new report from PhishMe, 91% of all Cyber-attacks start with an email, and 94% of malware is also delivered via email according to Verizon’s 2019 Data Breach Investigations Report.
Before jumping into the methods for making it more secure, let’s take a look at how the traditional email works and the security flaws that make it the most appealing target for cybercriminals.
How Email works
One widespread misperception regarding email is that once it is sent, it travels immediately from the sender to the recipient. In fact, before reaching its intended mailbox, an email travels across many networks and servers. It is possible that it will be stolen or read by an unauthorized entity as it moves from one place to the next. A brief outline of the processes is explained below:
- You use your email client to compose and send an email.
- The email client establishes a connection with the Outgoing SMTP server and sends the message in MIME format.
- The Outgoing SMTP verifies the sender’s information before processing and forwarding the message to the Outgoing queue.
- Based on the domain information in the recipient address, the SMTP server looks for the domain’s DNS server and extracts the recipient domain’s recipient server information
- The SMTP Server then establishes a connection with the email server of the recipient and sends the email using the SMTP protocol.
- The Recipient server, in turn, validates the recipient account and delivers the email to the user’s mail account.
- The user views the received email using his email client.
Most of these protocols that the present internet relies on were created for the early internet – for a small group of enthusiasts, scientists, and government officials – not for a global network on which we operate buildings, smart gadgets, public transportation, nuclear reactors, and other things.
Security Loopholes in current email providers
Encryption Protocols are not in place
Most email companies including Gmail use Transport Layer Security (TLS) to encrypt emails delivered from your computer to their servers. Your email provider encrypts your email with your public key after it arrives on their servers. Your email provider, on the other hand, has access to the private key that can decrypt your messages. As a result, your messages can be intercepted and manipulated by your email provider, hackers, and sovereign countries. To take things a step further, if your email provider’s servers are hacked, all of your emails could be exposed to the public, putting your personal information and data at risk. Currently, most of the conventional email providers don’t apply strong encryption protocols (E2EE, PGP, Zero access encryption protocols). As a result, most of the email traffic traverses the public Internet unencrypted in plain text format.
Centralized Email Servers worldwide Compromised in Attacks
Tens of thousands of businesses around the world have had their email servers hacked, with Microsoft Exchange Server attack attempts doubling every few hours. Following the revelation of four zero-day weaknesses in on-premises Microsoft Exchange Systems, an estimated 250,000 servers throughout the world have already been attacked.
Your email is an open book for Government agencies
Email apps that claim to be secure enough to thwart government snoops and advertisers have flaws. When Edward Snowden leaked details of the NSA’s mass surveillance program PRISM in 2013, he had been using a secure email service called Lavabit. Even though ‘Lavabit’, stated its service was “so safe that even our administrators can’t read your email,” a federal judge ordered the email provider to hand over its encryption keys to the authorities to spy on Edward Snowden’s email in 2014. Further back, we learned that encrypted email provider Hushmail was quite comfortable with handing over user passwords to decode messages and handing them over to law enforcement in plaintext.
Latest Email attacks are increasing (Social engineering attacks)
Then there are the most recent email threats, such as phishing, Spear Phishing, Malware attacks to consider, which are always evolving. The act of attempting to get information such as usernames, passwords, or credit card numbers by impersonating a legitimate email is known as phishing. Spammers are becoming more sophisticated, employing tactics such as snowshoe phishing to bypass anti-spam filters which are designed to mark an email as spam. Anti-spam filters have a harder time catching everything, thus increasing the chances that one will make it to a user’s mailbox.
Weak & stolen Passwords
According to the Data Breach Investigations Report from Verizon, 81% of data breaches involving hackers had to do with stolen and/or weak passwords. Having an easy-to-guess password is a common mistake, and hackers should be able to guess this very easily using brute force attacks.
“23.2 Million Victim Accounts Globally Used 123456 as Password”
The difficulty to use “strong passwords” at all times is one of the key reasons why they might be a pain. They’re difficult to remember, especially if you’re trying to access them from a mobile device. PreciseSecurity research revealed that:
“Only 12 % of US Online Users Take Advantage of Password Managers”
When Hackers Parade as Mail Server’s Administrators
When a privileged user or an administrator is compromised, the entire organization’s cybersecurity is endangered. A criminal actor can get widespread access, install malware, and make system-level changes using the permission power of a privileged user or admin. This can expose you to far greater losses than if a user accidentally clicked on something they shouldn’t have. With admin level access, a hacker might possibly administer privileged user accounts or groups, reset passwords, change domain security group memberships, or even establish legitimate-looking accounts for future evil use. Given that it appears to be comi, tracing all of this would be challenging.
What can you do about it?
Considering all of the security challenges that traditional email providers impose, If you’re looking for native end-to-end encryption and the utmost level of privacy, you’ll need to turn outside of Gmail and toward a separate email program that enforces strong encryption protocols such as end-to-end encryption. The fact is that we have multiple alternate secure email providers which are free to use. Where is the problem then? Why are people not switching to those secure email providers?
Now, with billions of people conditioned to use Gmail, Yahoo Mail, and other email services as part of their daily lives, the question becomes: If the illusion of privacy were to be irrevocably shattered today, would it make a difference to their users?
Please feel free to share your thoughts.
Stay tuned for our next blog about possible technologies and precautionary measures that can be taken to make it secure.