IT Security - Oct 5, 2021
Email security at schools and universities - With Trend Micro solutions.

by Jan Köhler, Michael Mayer

Teachers and lecturers alike write and receive countless e-mails per day, and a large share of document exchange runs over this channel. Students send homework to their teachers or presentations to their professors for review. Cyber criminals regularly attack the e-mail systems of educational facilities, as these are often high-performance and their users generate a lot of mail. In addition, these systems depend on powerful network connections, and very often free mail server systems are used.

written by

Jan Köhler
Team Leader Network and Head of Security

E-Mail: jan.koehler@bechtle.com

Michael Mayer
Product Management Software / Portfolio Management Security

E-Mail: michael.mayer@bechtle.com

Our team is currently involved with a case at a university where IP addresses are continually landing on the blacklists of several security providers, due to their mail system being identified as a threat. This leaves us with two questions: What happened? Why did it happen? One possibility is that an employee working remotely clicked on something that turned out to be ransomware. Either that or the attackers found out that the mail server can be used to send further mails to find more potential targets.

What does an attack look like? It is usually carried out using an e-mail with an attached file. One click is enough, and malicious code is loaded onto the system. At that point it's mostly too late. But how can we prevent this? Visibility is key. Using a Postfix mail server as a mail gateway may give you a mail log, but it won't protect you. And even if there is some protection, most admins don't actually read through log files all day.
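As an added example (not from the original article and not part of any Trend Micro product), the following Python script shows the kind of visibility a plain Postfix mail log can give when it is actually evaluated: it joins `smtpd` and `qmgr` lines by queue ID and totals recipients per authenticated account, one way an account abused for bulk sending becomes visible. The log lines, host names, account names and the threshold of 100 recipients are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in standard Postfix syslog format (not from a real system).
SAMPLE_LOG = """\
Oct  5 08:01:12 mx1 postfix/smtpd[2101]: 4F1A2C0D3E: client=dorm-17.example.edu[192.0.2.17], sasl_method=PLAIN, sasl_username=student42
Oct  5 08:01:12 mx1 postfix/qmgr[988]: 4F1A2C0D3E: from=<student42@example.edu>, size=4312, nrcpt=480 (queue active)
Oct  5 08:01:40 mx1 postfix/smtpd[2101]: 5B2C3D1E4F: client=dorm-17.example.edu[192.0.2.17], sasl_method=PLAIN, sasl_username=student42
Oct  5 08:01:41 mx1 postfix/qmgr[988]: 5B2C3D1E4F: from=<student42@example.edu>, size=4298, nrcpt=495 (queue active)
Oct  5 08:03:05 mx1 postfix/smtpd[2107]: 6C3D4E2F5A: client=office-3.example.edu[192.0.2.33], sasl_method=PLAIN, sasl_username=prof.lee
Oct  5 08:03:05 mx1 postfix/qmgr[988]: 6C3D4E2F5A: from=<prof.lee@example.edu>, size=20981, nrcpt=3 (queue active)
Oct  5 08:04:10 mx1 postfix/qmgr[988]: 7D4E5F3A6B: from=<newsletter@partner.example>, size=9000, nrcpt=1 (queue active)
"""

# smtpd records which authenticated account and client IP submitted a queue ID.
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+\[([^\]]+)\].*sasl_username=(\S+)")
# qmgr records how many recipients that queue ID is addressed to.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>.*nrcpt=(\d+)")

def outbound_by_user(log_text):
    """Return {sasl_username: messages, recipients, client IPs} for authenticated mail."""
    owner = {}  # queue ID -> (username, client IP)
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            owner[m.group(1)] = (m.group(3), m.group(2))
            continue
        m = QMGR.search(line)
        # qmgr logs a deferred message again on every retry: count each queue ID once.
        if m and m.group(1) in owner:
            user, ip = owner.pop(m.group(1))
            stats[user]["messages"] += 1
            stats[user]["recipients"] += int(m.group(2))
            stats[user]["clients"].add(ip)
    return dict(stats)

def flag_bulk_senders(log_text, max_recipients=100):
    """Accounts whose total recipient count exceeds the assumed threshold."""
    return sorted(user for user, s in outbound_by_user(log_text).items()
                  if s["recipients"] > max_recipients)

if __name__ == "__main__":
    for user in flag_bulk_senders(SAMPLE_LOG):
        print("review account:", user, outbound_by_user(SAMPLE_LOG)[user])
```

Mail that arrives without SMTP authentication, such as the last sample line, is deliberately left out of the per-account totals.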

E-mail security - This is how the solution looks.

In the case above, we had to find the cause of the problem and investigate which precautions could be taken to prevent similar cases in the future. Our solution? We use a system that creates visibility. It helps us to understand where e-mails are coming from and where they are going to. If you combine this with the right protection, you are looking at a secure system.

Trend Micro's Deep Discovery Email Inspector does just that. It uses innovative technology such as sandboxing and white and blacklists to recognise and deflect spear-phishing e-mails that are used to lure students and teachers into activating dangerous and complex malware and ransomware. Each e-mail attachment is subject to a virus test and it's possible to control where these mails are headed and what exactly is allowed to happen.

Protection from spear-phishing mails.

Email Inspector is integrated downstream of the e-mail gateway. The solution recognises and removes spear phishing e-mails that carry out attacks via malicious attachments and URLs and other complex threats and ransomware. This offers some obvious advantages for educational institutions such as more all-round protection thanks to transparency, extensive recognition technology and high flexibility.

What's more, 99.3 % of all attacks are carried out via e-mail, whether in the public sector, at universities or schools, or in private enterprises. Opening a malicious e-mail is not only stressful, but also consumes time and money, making a good backup essential.

We've also recommended our customers ensure that the topic of e-mail security plays a role for employees, as this is vital in preparing them for future attacks. The decision was made to inform users regularly on any suspicious activity and incidents via mails.

E-mail security - Where is the attack coming from?

If the attack is successful, the company should ask itself where the attack came from. How far do we have to roll back to run a clean system again? The most important question, however, is: how do I get my systems secure again?

Generally, you should always stick to holistic approaches. In places where dual vendor strategies were followed a few years ago, it may now make sense to unify communications and exchange of information on the product.

Let's say, for example, while scanning e-mails, a file was found that contains malicious code. This information can be passed on to the AV endpoint that will then search the systems for this file and remove any traces of it.

Would you like to find out more about security solutions by Trend Micro for the education sector? Then please get in touch with us.

Disclaimer

Bechtle AG published this content on 05 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 05 October 2021 07:00:38 UTC.