Homeland Security Spoof - Email Attack

Updated: Aug 7, 2019

Cyber attackers very often mimic big-name brands such as Microsoft, Amazon, and sports franchises in their emails. This makes the sender appear legitimate and trusted when the message arrives in your inbox. Being able to spot these spoofed domains is critical to keeping the bad guys out of your network.

The latest big name to be spoofed in these attacks is not a product brand. Email attacks claiming to be from The Department of Homeland Security (DHS) and The Cybersecurity and Infrastructure Security Agency (CISA) have surfaced in the form of an email appearing to be a National Cyber Awareness System (NCAS) alert.

The email contains a message that attempts to get you to download an attachment, which then infects your machine with malware. This is a very common email-based attack type resulting in advanced persistent threats such as ransomware and other company-crippling attacks. These attachments may take several forms, such as Microsoft Word documents, PDFs, or e-faxes.

Administrators should have an email attachment scanner in place that searches for attachments containing malicious code. Depending on the vendor, these scanners can use signature-based anti-malware applications, similar to endpoint anti-virus. However, a more advanced scanner will use machine learning and AI to hunt for malicious indicators and patterns, not just known signatures.
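A header-and-attachment triage check for the kind of message described above, added here as an example and not taken from the original article or any vendor's scanner. The trusted-domain list, the brand keywords, the extension list, and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions: tune all three to your own mail flow.
TRUSTED = ("cisa.gov", "dhs.gov", "us-cert.gov")  # sender domains you accept
BRAND = re.compile(r"\b(dhs|cisa|ncas)\b|homeland security|national cyber awareness", re.I)
RISKY_EXT = (".doc", ".docx", ".docm", ".pdf")    # Word and PDF lure types

def triage(raw):
    """Return findings for a message that invokes DHS, CISA or NCAS."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    if not BRAND.search(f"{display} {msg['Subject'] or ''} {domain}"):
        return []  # the agencies are not mentioned; out of scope for this check
    findings = []
    if not any(domain == d or domain.endswith("." + d) for d in TRUSTED):
        findings.append("untrusted-sender-domain")
    # Only meaningful if your own gateway stamps this header and strips inbound copies.
    auth = str(msg["Authentication-Results"] or "")
    if not re.search(r"\bdmarc=pass\b", auth, re.I):
        findings.append("dmarc-not-pass")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings

# Constructed sample message; every address and domain in it is made up.
SAMPLE = """\
From: "CISA NCAS Alert" <alerts@cisa-gov.example>
To: user@corp.example
Subject: National Cyber Awareness System alert
Authentication-Results: mx.corp.example; dmarc=fail header.from=cisa-gov.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached alert.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="alert.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty result is a reason to quarantine the message for the attachment scanner and a human reviewer, not a verdict on its own.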

Hackers are always learning and developing new attack methods to circumvent your security infrastructure and trick your users into granting them access to the network. Your best and constant defense against these attacks rests with your users' ability to spot current attack types and report suspicious activity. Make cyber security part of your culture and reward users for spotting emails they believe to be of concern. Never criticize an employee who reports that they have fallen victim to an attack. A quick response to a successful phishing campaign is your best bet against successful advanced attacks.
