Can’t believe your eyes! Facing down deceptive digital attacks with improved ESET Cloud Office Security

Roman Cuprik

ESET Cloud Office Security gets new capabilities to discover spoofing and homoglyph attacks.

Humans are considered to be the weakest link in cybersecurity, particularly because they tend to fall for phishing attacks. Businesses often address this problem with cybersecurity awareness training, which is very useful but can hardly cover all the threats employees face in the digital world.

For example, tips on identifying a phishing email typically advise users to check whether the email sender’s name is correct. But what if attackers use visual tricks to make the sender’s email appear legitimate despite being fake? And what if the sender’s email is spoofed so even the most attentive eye can’t spot the difference? 

To protect businesses and their employees from spoofing and homoglyph attacks, ESET equipped its ESET Cloud Office Security with Anti-spoofing and Homoglyph protection. These can recognize discrepancies in malicious emails that human eyes cannot.

The new ESET Cloud Office Security also includes an email clawback feature that simplifies email quarantine management. It also offers an improved dashboard, providing a quick overview of the security status in a company’s Microsoft Office 365 or Google Workspace.

Eye-watering losses

According to Verizon’s 2024 Data Breach Investigations Report, 68% of breaches involved a non-malicious human element. Most of those attacks were phishing (tricking a user into giving sensitive information or downloading malicious content) or pretexting (using a fabricated story or pretext to gain a victim's trust) via email.

These attacks can inflict substantial financial damage. IBM’s Cost of a Data Breach Report 2024, conducted by Ponemon Institute, calculated that average business losses resulting from phishing attacks experienced by surveyed companies reached 4.88 million USD.

ESET research has repeatedly shown that cybercriminals improve their phishing methods in multiple ways, including eye-deceiving attacks that avoid raising typical red flags. In these cases, employees usually face homoglyph attacks or spoofing combined with a well-written email body. The latter is not so difficult to achieve thanks to the high-quality automated translators and AI chatbots that are currently available.

One of the recent campaigns involving spoofing is described in the latest ESET APT Activity Report Q2 2024-Q3 2024. The North Korea-aligned group Kimsuky used spoofing to craft believable spear phishing emails targeting North Korea experts working for NGOs and researchers in academic circles. The emails contained fake requests for a media interview or for giving a presentation. After gaining the victim’s trust, Kimsuky delivered a malicious package, usually disguised as a list of questions that should be answered before the event.

The Kimsuky group created fake usernames and used legitimate domain names to impersonate individuals from trusted organizations, including think tanks and institutions of higher education.

Here are some common eye-deceiving cyber threats to watch out for:

Email sender spoofing – Email sender spoofing is a phishing technique where attackers configure the “From” address in an email to appear as a trusted sender. Cybercriminals also commonly configure the “Reply-To” field so that it looks like the legitimate sender’s address even though the reply is sent back to the attacker.

Homoglyph attack – Homoglyph or homograph attacks exploit the fact that many characters look very similar. To understand this technique, check the domain name “℮s℮t.com”. Nothing looks suspicious, right? But this isn’t the real ESET domain name, because it contains the estimated symbol “℮” in place of the letter “e”.

Typosquatting – Similar to homoglyph attacks, typosquatting also uses visual tricks to make phishing links look legitimate. Instead of changed characters, it relies on small typos such as “eseet.com” instead of “eset.com.”
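A check that tells the homoglyph and typosquatting tricks above apart from a correctly written domain can be expressed in a few lines of Python. This is an added example, not ESET's code or part of the original article; the protected-domain set, the small look-alike map and the function names are assumptions made for illustration.

```python
import unicodedata

PROTECTED = {"eset.com"}  # assumption: the domain names the organization guards

# Constructed, deliberately small look-alike map for this example; a real
# deployment would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u212e": "e",  # ESTIMATED SYMBOL, the character used in the article
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
}

def skeleton(domain):
    """Fold look-alike characters so visually identical names compare equal."""
    folded = unicodedata.normalize("NFKC", domain.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def non_ascii_chars(domain):
    """Code points worth showing in an alert, e.g. 'U+212E ESTIMATED SYMBOL'."""
    return sorted({f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                   for c in domain if ord(c) > 127})

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, protected=PROTECTED):
    """Return (verdict, matched protected domain or None) for a sender domain."""
    d = domain.lower().rstrip(".")
    if d in protected:
        return ("exact", d)
    skel = skeleton(d)
    if skel in protected:          # same look, different code points
        return ("homoglyph", skel)
    for name in sorted(protected):
        if edit_distance(skel, name) == 1:   # one typo away, e.g. "eseet.com"
            return ("typosquat", name)
    return ("unrelated", None)
```

A sender domain that arrives in punycode (`xn--`) form has to be decoded to Unicode before it is passed to `classify`.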

Eyes wide open

Upon seeing these real-life examples, it is clear that typical cybersecurity awareness courses should be complemented by cybersecurity technology able to spot threats that a human eye cannot.

The latest version of ESET Cloud Office Security approaches these issues with two new features, Anti-spoofing and Homoglyph protection, while also simplifying its email management system.

All these changes contribute to the ESET prevention-first approach which mitigates the risks associated with advanced threats and minimizes the time security teams have to spend on incident response and remediation.

ESET Cloud Office Security improvements:

Anti-spoofing - A feature that identifies attackers pretending to be trusted sources and blocks them. Businesses can set verification rules for incoming emails based on industry-standard verification tools: DomainKeys Identified Mail (DKIM), which checks email signatures; Sender Policy Framework (SPF), which checks a sender’s server; and Domain-based Message Authentication, Reporting & Conformance (DMARC), which lets a sender’s domain tell a receiver what to do if the checked email doesn’t pass the previous two authentication methods.

For example, if an incoming email seems legitimate but doesn’t have a valid digital signature from the legitimate domain (fails DKIM check), it goes to quarantine. Even if attackers hijack a legitimate email account and use it to send malicious emails, ESET Cloud Office Security can recognize the threat because the IP address attached to the email server is different from what is listed in the SPF record (fails SPF check).

Homoglyph protection - A feature that identifies malicious email domains pretending to be legitimate through the substitution of letters with similar characters or letters from other alphabets. Businesses protected by ESET Cloud Office Security can set rules for domain names to pass only those emails with correctly written domain names. This feature would recognize the fake domain name “℮s℮t.com” because the estimated symbol “℮” has a different Unicode code point than the letter “e.”

Email clawback – This feature simplifies the management of quarantined emails. Users can easily quarantine any suspicious delivered email and restore it with a single click if the email proves to be legitimate.

Improved dashboard – ESET Cloud Office Security Dashboard provides crucial information about the total number of protected users, license usage, users who are the largest spam, malicious, and phishing email recipients, and the top suspicious OneDrive, Google Drive, SharePoint, and Teams accounts or groups/sites. Admins also can see Exchange Online, Gmail, OneDrive, Google Drive, SharePoint, and Teams detections with spam, malware, and phishing.

The improved dashboard comes with fully customizable tabs and components to fit the specific needs of admins or different kinds of businesses such as Small and Medium Businesses, Managed Services Providers, and Enterprises.
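The kind of verification rule described under Anti-spoofing, together with the “Reply-To” trick mentioned earlier, can be illustrated by reading the SPF, DKIM and DMARC verdicts a receiving gateway records in the `Authentication-Results` header. This Python code is an added example, not ESET's implementation; the gateway name `mx.example.net`, the sample messages and the strict "anything but pass is quarantined" rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id our own receiving gateway stamps (RFC 8601).
TRUSTED_AUTHSERV = "mx.example.net"

def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts, taken only from headers our gateway added."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can prepend this header; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def verdict(raw_message):
    """Return ('deliver' | 'quarantine', reasons) for one raw message."""
    msg = message_from_string(raw_message)
    res = auth_results(msg)
    reasons = [f"{m}={res.get(m, 'none')}" for m in ("spf", "dkim", "dmarc")
               if res.get(m) != "pass"]
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"reply-to {reply_dom} differs from sender {from_dom}")
    return ("quarantine" if reasons else "deliver", reasons)

# Constructed sample messages (not taken from any real campaign).
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.com;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Authentication-Results: relay.invalid; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Press Office" <press@example.com>\n'
    "Reply-To: press-office@example.org\n"
    "Subject: Interview request\n\nPlease review the attached questions.\n"
)
LEGIT = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: newsletter@example.com\nSubject: Monthly update\n\nHello.\n"
)
```

The second `Authentication-Results` header in the spoofed sample claims every check passed, but it is ignored because it was not stamped by the trusted gateway.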

Eyes on the prize

As threat actors continuously refine their phishing techniques, the chances for employees to recognize malicious emails are shrinking despite the availability of cybersecurity awareness training. To successfully mitigate these threats, businesses need advanced cybersecurity tools capable of detecting and blocking emails that appear indistinguishable from legitimate ones or catching malicious emails. ESET Cloud Office Security excels in this area by intercepting email spoofing and homoglyph attacks before they reach you. By doing so, it helps businesses prevent potential financial losses, reputational damage, and operational disruptions. With ESET Cloud Office Security you can stay one step ahead of cybercriminals and safeguard your company’s future.