Did you know that a large percentage of cyber security threats originate through email? If you click on an unsolicited email attachment from an unknown sender, your chances of downloading malware skyrocket.

This is something the information security professionals in Information Technology Services (ITS) are acutely aware of. In an average month, they block approximately six million phishing and spam emails sent to the Carleton community. They also analyzed 6.8 billion security events and blocked 268,000 attempted network intrusions in 2022.

It’s for this reason that AI-based email protections were among the advanced protection features added to ITS’s existing suite of cyber security defences in August 2022. They include:

  • anti-phishing tools to catch and mitigate phishing attacks before they land in a user’s inbox,
  • anti-spoofing tools to prevent emails from forged sender addresses,
  • anti-spam tools to mitigate mass emails from potentially malicious sources,
  • safe attachments tools to check attachments for abnormal or malicious behaviour in the cloud before they are opened,
  • safe link tools to check URLs for abnormal or malicious behaviour in the cloud before they are opened, and
  • email encryption tools to ensure compromised emails cannot be read.

What is Email Impersonation?

Email impersonation is at play when the sender, or the sender’s email domain (i.e. the part of an email address that comes after the @ symbol), is crafted to look like a real sender or domain, tricking the recipient into opening the email and taking an action, such as divulging personal information. Some examples of email impersonation include the following:

  • Using a real display name with a fake email address. For example, a fictional person named Valeria Barrios (whose real Carleton address would be valeria.barrios@carleton.ca) might be impersonated using the email address valeria.barrios@internet.ru.
  • Using email domains that are similar. For example, an email impersonation attempt can come from a Carleton domain that doesn’t end in .ca (e.g. valeria.barrios@carleton.com or valeria.barrios@carleton.biz). Email impersonation attempts can also come from domains that look somewhat like Carleton’s (e.g. valeria.barrios@carletonon.ca or valeria.barrios@carletonabcdef.ca).
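
Both patterns above can be checked mechanically on a message's From: header. The Python below is an added example, not ITS's or any vendor's tooling; the directory, the finding names and the edit-distance threshold of 2 are assumptions, and it goes slightly beyond the listed cases by also flagging character-swap lookalikes.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "carleton.ca"           # the real domain named in the article
BRAND = TRUSTED_DOMAIN.split(".")[0]     # "carleton"
# Constructed directory (assumption): known display name -> real address.
DIRECTORY = {"valeria barrios": "valeria.barrios@carleton.ca"}
MAX_DISTANCE = 2                         # assumed threshold for "looks like"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return impersonation findings for one From: header (empty list = none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["unparseable-sender"]
    domain = addr.rpartition("@")[2]
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    findings = []

    # Pattern 2: similar domain (wrong TLD, padded name, or near-miss spelling).
    labels = domain.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if not trusted and (BRAND in domain or edit_distance(label, BRAND) <= MAX_DISTANCE):
        findings.append("lookalike-domain")

    # Pattern 1: a known person's display name on an address that is not theirs.
    expected = DIRECTORY.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        findings.append("display-name-mismatch")
    return findings


if __name__ == "__main__":
    # Constructed sample headers built from the article's examples.
    for header in ("Valeria Barrios <valeria.barrios@carleton.ca>",
                   "Valeria Barrios <valeria.barrios@internet.ru>",
                   "Valeria Barrios <valeria.barrios@carleton.com>",
                   "valeria.barrios@carletonon.ca"):
        print(f"{header!r}: {check_sender(header) or 'no findings'}")
```

The substring test will also flag unrelated organisations that legitimately share the name, so a production rule needs an allowlist alongside it.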

Protecting Endpoints

The rollout also included tools to better protect devices using Defender for Endpoint, which provides AI-based threat protection beyond the capabilities of regular anti-virus agents. Benefits include improved detection of malicious activity, better visualization tools for ITS’s information security professionals, and enhanced protection for users.

All users and devices in the CUNET domain automatically received these new security tools. Faculty and staff members whose devices are not part of the CUNET domain can take advantage of these protections on their work devices by following the self-service instructions on the ITS website or contacting their local CSU for assistance. Thousands of faculty and staff members have been onboarded with marginal impacts to their day-to-day work.

“Thanks to the hard work of the Device and Office 365 Security project team, and our partners in the Computer Support Units (CSU), we had an extremely successful deployment of the new security tools,” said Steve Fraser, Director of Information Security. “An indicator of a smooth deployment was the most common question we received–people wanting to confirm we had actually done the upgrade!”

These new state-of-the-art tools allow ITS staff to identify malicious events more quickly and reduce the time it takes to recover from events like phishing campaigns from days to minutes. With cyber criminal organisations getting more capable and the rise of nation-state cyber activity, it is important that we continue to innovate and adapt to changes in the threat landscape.

This story is a part of ITS’s Year in Review for 2022/23.