SP Guard reveals deception, Defends Against Spearphishing
Over 80 million Anthem customers were compromised in a single cyberattack. How did the attackers do this? The attackers used email to trick a person into compromising the Anthem systems. Anthem is just one example. There are many examples of recent spearphishing incidents:
* The White House Military Office.
* Target, 110 million people’s records compromised.
* Operation Aurora, which compromised many commercial entities, including Google, Intel, GE, Sony, Disney, and Adobe.
* French Ministry Of Economics, Finance and Industry
* Canadian Government
* U.S. National Science Foundation’s Office of Cyberinfrastructure
Email is, by design, two-faced. It presents one face to the worldwide email system. It presents a completely different face to the email recipient. Spearphishing exploits this duplicity to deliver highly targeted email in which the email is carefully crafted to entice the specific recipient. This differs from typical spam-like phishing scams that are based on fooling a small percentage of a large number of recipients.
In spearphishing, the data compromise occurred because the recipient of the spear-phishing message could not distinguish real from fake; the attackers used deception to pretend to be a trusted sender. Telling users to be alert and careful is good general advice, but how can they really know what’s real and what’s not? Defenses need a new layer to fight deceit.
SP Guard provides the deceit defense layer by modifying the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking their internal messages as well as those from trusted partners such as their law firm. Note especially the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:
Using patented technology, Iconix overcomes the sender identification deficiency of current email systems by providing a trust indicator to signal users which emails come from trusted senders. Our patents cover:
* Using the icons to intuitively identify trustworthy senders;
* Filtering based on sender identity methods; and
* Providing additional sender data in a hover-over.
Without SP Guard, personnel receiving spearphishing emails are left to guesswork in determining if the email should be trusted. That guesswork is made in a decision space that is manipulated by the attacker. With SP Guard installed, IT is able to provide personnel with real-time identification of trusted senders. SP Guard gives the email recipient Email IFF services.
Users will decide which emails to trust. That decision can be guesswork or it can be guided by IT.