Cymulate’s Email Gateway vector helps you to test your corporate email security.

Email is the most frequently used method of attack for exploiting security weaknesses and compromising corporate environments. Research shows that over 75% of cyberattacks worldwide originate from a malicious email, and the number of those targeted attacks keep increasing. As we have seen in the past, both very high-profile cyber campaigns as well as less known ones, are launched with an email containing a malicious attachment or link for infecting victims with ransomware or opening a direct connection to the Command & Control (C&C) servers of hackers.

For example, a recurring DHL phishing template is making the rounds, which is sent almost on a monthly basis for the past year spreading different payloads such as Tesla, Panda, etc. One recent example of this method used a DHL themed shipment invoice sent by email, notifying its victims that there is a new shipment waiting for them. In order to print out the package details, the victim is required to click on a link within the email’s body. That link, in reality, hides a malicious DOC file containing a link to the attacker’s C&C. After clicking on that link, a destructive malware is sent from the attacker’s C&C to the victim’s endpoint, thus compromising it, and in some cases even compromising the whole organization.

Major companies, government agencies, and political organizations have been (and will be) the target of such attacks in the future. The more sensitive the information that an organization handles, the higher the chance of becoming a target. Furthermore, this attack method is also used for direct attacks on specific organizations and even for sporadic global attacks trying to reach as many unwary individuals as possible.

Organizations utilize different security controls, such as Secure Email Gateways (SEGs), Sandbox, and Content Disarm and Reconstruction (CDR) solutions to protect their employees’ mailboxes. However, their incorrect configuration or implementation can lead to the false assumption that an organization is safe.

Cymulate’s Email Gateway simulation vector is designed to evaluate your organization’s email security and potential exposure to a number of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms, Trojans, or links to malicious websites, the simulation reveals if simulated malicious emails could bypass your organizations’ first line of defense and reach your employees’ inbox. After running a simulation, the next step would be to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links.

The simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each security gap discovered depending on the type of attack simulated, and how far the threat has managed to bypass security controls and distribute itself, enabling IT and security teams to take the appropriate countermeasures.