Proofpoint: Security, Compliance and the Cloud

277 posts categorized "Email Security"

November 27, 2012

Spear Phishing Attack Cause of Massive South Carolina Data Breach

Spear phishing cause of South Carolina Dept. of Revenue Data BreachIt will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.

According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012),  "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."

Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.

SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."

SC Magazine also has a good summary of this attack and the phishing attack that ulitmately lead to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").

If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations:
2012 & Beyond
," on Wednesday, December 5 (11 AM PT / 2 PM ET).

Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-lead attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.

Follow the link above to register, or simply complete the form below:

November 16, 2012

Stay Safe Online this Holiday Season: Proofpoint's Seven Simple Rules and New Advanced Targeted Attacks Webinar

Mugshot-Santa-Stay-Safe-Online-2012-Holiday-Season-ThreatsYes, the holiday season is approaching once again and along with holiday celebrations and shopping — especially "Cyber Monday" and "Black Friday" sales, which seem to start earlier every year — also comes an increase in online threats.

Over the past several years, Proofpoint security researchers have observed that the that the volume of attacks — including phishing email attacks, social media exploits and other types of malware attacks — typically increases during the holiday season. Many of these attacks are engineered to take advantage of the consumer mindset during the holidays.

Our October 2012 report on email security threats found that, on any given day, phishing attacks represented 10% to more than 30% of total unsolicited email volume and this trend has continued into the first part of  November.

So, as is traditional here at Proofpoint, I wanted to take a moment to remind you of our "Seven Simple Rules" for staying safe online during the busy holiday season. Read on for our updated tips for 2012 and feel free to share them with your friends, family and email users!

As usual, we also have a couple of early presents for you IT security types: December's live web seminar "Targeted Hybrid Attacks: 2012 and Beyond" will feature special guest Rick Holland, security analyst for Forrester Research. And you can read Rick's latest research, The Forrester Wave™: Email Content Security, Q4 2012, compliments of Proofpoint.

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: Always view with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. Today’s malicious emails and phishing attacks are disguised as communications from all sorts of organizations, including banks, money transfer services, government agencies, media outlets, and package delivery services.

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. In addition to attempting to gather your personal login credentials, these phishing sites may also automatically install malicious software, without your knowledge. Increasingly, scammers are using link shortening services to disguise the true destinations of their links. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site (using a Web address you already know) and ensure that the page you are using is secure before entering sensitive information.

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the busy holiday shopping season. Many scammers count on consumer inattention to get away with fraudulent charges. If you see anything suspicious, contact your financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers continue to distribute malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.

7. Make security your first stop: If your holiday includes giving or receiving a new computer, mobile device or upgraded operating system, install a good anti-virus or Internet security solution before doing anything else online. Reputable vendors include F-Secure, McAfee and Symantec. There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.

Have a safe and happy holiday season, OK?


October 04, 2012

Free RSA® Security Expo 2013 Passes, Courtesy of Proofpoint: Use Code FXE13PRF

RSA-Conference-Free-Exhibit-Passes-2013[Update 10/9/2013: Looking for 2014 passes? Use our new code SC4PROOFB.  Find registration link in this post.] 

In a sure sign that summer is over and that the holidays are nearly here, I am informed that registration is now open for the RSA Conference 2013.

As usual, Proofpoint will be exhibiting at the RSA Conference 2013, to be held February 25 thru March 1, 2013 at Moscone Center in San Francisco.

If you'd like to attend the RSA Conference 2013 expo (exhibits), you can get a free exhibits-only pass (which RSA calls an "Expo Pass") courtesy of Proofpoint by using code FXE13PRF when you register.

To register for your free RSA exhibits pass, please visit the following URL and enter code FXE13PRF during the registration process:

We look forward to seeing you there! Proofpoint will be exhibiting at booth #739, demonstrating our entire suite of cloud-based data protection solutions, including threat management (email security), compliance (data loss prevention, email encryption), archiving & governance, and secure communications.


September 20, 2012

Replacing Postini: Should You Replace Postini with Google Apps, or Replace with an Alternative Email Security Solution? (Video)

As you've probably already heard, Google is actively moving customers of its Postini email security and archiving solutions to Google Apps. This is essentially forcing organizations to replace Postini with either Google Apps or an alternative Postini replacement.

The options and implications can be confusing, so our VP of product marketing, Kevin Epstein, put together a great overview of what is happening with Postini, potential issues to be aware of when transitioning from Postini to Google Apps, and the types of benefits that enterprises could reap if they replaced Postini with an alternative email security solution.

Check it out here: 

There are several resources mentioned by Kevin in that video, and I've provided handy links to them, below:


September 04, 2012

New Forrester Analyst Reports on Protecting IP from Cybercrime, Controlling Sensitive Information in the Era of Big Data

Forrester-protect-your-competitive-advantage-by-protecting-your-intellectual-property-from-cybercriminalsJust a quick note to let you know about two new resources from analyst firm Forrester we've posted to the analyst reports section of the Proofpoint Resource Center

These are:

Protect Your Competitive Advantage by Protecting your Intellectual Property from Cybercriminals, which investigates common ways that data is stolen from organizations today, the cost of inadequate data security, and what organizations must do to protect their data.


Control and Protect Sensitive Information in the Era of Big Data, outlines some best practices to help security and risk professionals understand how to control and properly protect sensitive information in today's era of massive enterprise datasets and data stores.

You can read the full reports, compliments of Proofpoint, by following the links above. 




August 20, 2012

New Email Security Magic Quadrant: Proofpoint is a Leader in the 2012 Magic Quadrant for Secure Email Gateways

Magic-Quadrant-for-Secure-Email-Gateways-2012New for 2012, Gartner's "Magic Quadrant for Secure Email Gateways" -- wherein Gartner describes the current state of the email security market, technology and threat trends, and describes the leading vendors and solutions in this market -- has been published.

As usual, Proofpoint has licensed a reprint of the new magic quadrant and you can read the full report, compliments of Proofpoint, at the following URL:

Writing in the 2012 "Magic Quadrant for Secure Email Gateways," Gartner analysts Peter Firstbrook and Eric Ouellet note that, "Buyers should focus on strategic vendors, data loss prevention capability, encryption and better protection from targeted phishing attacks."

While spam volumes have declined, Gartner notes that targeted attacks against organizations represent an increasingly serious threat, noting that, "Better protection from targeted phishing attacks is the most critical new inbound protection capability (72% of respondents indicated that this was a very important capability), but only a few vendors have advanced the state of the art against these attacks."

There's a lot more great information in this report, which you can read by following the link above, or by simply completing the mini form, below:

About the Magic Quadrant graphic:

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Proofpoint, Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

August 13, 2012

Get a First Look at Targeted Attack Protection: Live Next Wednesday!

Proofpoint-targeted-attack-protection-spear-phishing-defenseOur live web seminar series continues next week with, "Targeted Attacks on Your Key Employees: How to Respond to Targeted Attempts to Steal Sensitive Enterprise Data." As readers of this blog are no doubt aware, spear phishing and other forms of targeted attacks represent one of the most dangerous attack vectors today.

In this live web seminar (Wednesday, August 22nd at 11 AM PT, 2 PM ET), we'll share best practices for responding to targeted attacks. In addition, you'll get a first look at the new Proofpoint Targeted Attack Protection solution. The newest addition to Proofpoint's security-as-a-service suite uses big data analytics and other advanced technologies to help organizations identify, defeat and remediate targeted attacks. And the user interface (especially the "Threat Insight" dashboard) is incredibly slick -- definitely worth checking out.

As usual, we'll also reserve time for Q&A to answer your questions live.

To register, follow the link above, or simply complete the form below. Webinar registrants will get a link to the replay of the live event as soon as its available, so it's worth registering even if you can't make it to the live event. We hope you'll join us!


August 06, 2012

Live this Week! Security Best Practices for Financial Services Organizations

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.


August 02, 2012

Now Available: Proofpoint Enterprise Protection and Privacy 7.1, Proofpoint Targeted Attack Protection

Learn More: Proofpoint Targeted Attack Protection"Ship it!"

It's been a busy week on the engineering side of things here in Proofpoint land as a new version of Proofpoint Enterprise Protection / Proofpoint Enterprise Privacy is now available, and the new Proofpoint Targeted Attack Protection solution has also become generally available.

New features in Enterprise Protection/Privacy version 7.1 include support for Proofpoint Targeted Attack Protection, a new MLX Reputation service, administrative interface enhancements including French and German versions, new Smart Identifiers (for Privacy), security enhancements and much more.

As always, the new version is free to current customers of Enterprise Protection or Enterprise Privacy. Current customers can initiate an upgrade by opening a new support call requesting an upgrade to version 7.1. More details on the new version can be found in this support note (your support login is required to view).

Our new cloud-based solution for spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection, deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go. Learn more about this exciting new cloud security solution here.

July 30, 2012

Grum Botnet Takedown: Spam Volumes Reduced Somewhat, but Bursty Behavior Continues


There was quite a bit of media coverage over the last two weeks of a reported takedown of the Grum botnet, led by California-based security vendor FireEye and UK-based spam-tracking service SpamHaus.

According to according to ITWorld, the Grum botnet may have been responsible for sending some 18 billion messages per day. FireEye has a detailed account of the takedown process, which happened between July 17 and 19th, in their blog.

Now that it's been more than a week since the initial takedown I thought it would be interesting to see what, if any, impact the Grum takedown has had on overall spam volume. The chart at the top of this post (click for a full-size view) shows the daily volume of spam messages coming into some of Proofpoint's spam traps from May 2012 through today.

There are several interesting points worth noting:

  • During most of May and June this year, spam volumes seen by our automated systems were in a relatively steady state, oscillating between 4 and 6 million messages per day. In late June, we begin to see a more bursty pattern of spam attacks with daily volumes sometimes spiking as high as 9 million messages.
  • While there is a clear low point (about 2 million messages around July 19th), you can see that bursty spam-sending behavior immediately resumes, though there may be a continued downward trend as measured on a longer timeframe (weeks or months). It will be interesting to see how things evolve in the coming weeks.
  • The behavior here is somewhat reminiscent of spam sending behavior immediately after the Rustock botnet takedown, which I covered in a post from early last year.

In general, "honeypot" spam volumes have fallen quite dramatically (about 5x on a daily basis) since 2010 (when it wasn't uncommon for our spam traps to see in excess of 25 million messages daily). While botnet shutdowns have undoubtedly had an impact on spam volume over the past few years, and are an important part of the overall effort to deter and prevent various forms of cybercrime, they are not the sole reason that we've seen nuisance spam subside.

There's been a fundamental change in the business model around unsolicited email. Instead of being primarily concerned with promoting (often fraudulent) products and services, unsolicited email is instead being used as one of the primary vectors to compromise systems (by stealing user credentials), recruit computers (and possibly mobile devices) into botnets (which have applications in many different types of cyberattacks beyond spam and phish), install various forms of malware and commit other forms of fraud.

Such emails are sent in lower volume and are often highly targeted in nature. That is, they are distributed not en masse, but in a very controlled manner, targeting specific Internet domains, or even specific users. In this way, such messages often avoid winding up in generic spam honeypots. The detection and prevention of such attacks, particularly the highly-targeted versions, require different techniques (which I won't belabor here, but see our materials around Proofpoint Targeted Attack Protection as one example). 

I suspect that both current and future botnets will become harder to detect and harder to take down. There is already evidence that newly-engineered botnets are becoming increasingly resistant to takedown efforts. News this week from the BlackHat conference in Las Vegas speculated that Gameover ZeuS, a P2P botnet that is the largest bank-theft botnet, incorporates many defensive advantages to avoid a takedown.

According to CSO's article, this botnet has already infected hundreds of thousands of PCs around the globe and that, "The botnet steals by accessing bank accounts and making unauthorized large Automated Clearinghouse (ACH) and wire transfers to what are called 'money mules,' who works as accomplices."

Expect that future botnets (and associated cybercriminal activity) will become increasingly evasive, and increasingly difficult to dismantle once their existence is detected. 

[Special thanks to intern Courtney Klosterman for her research and contributions to this article.]


Blog Search

Email Security Gateways, 2012

Magic Quadrant


What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption