by Brian Pinnock, cyber security specialist at Mimecast
Digital transformation set to shift from theory to reality in the next 12 months, claims Dimension Data in the new report focusing on customer experience, cybersecurity, digital and technology futures
Mimecast Releases Latest Report from Cyber Resilience Think Tank
Group marks new ‘Independence Day’ by completing investment transaction with Permira, maintaining its undiluted business approach and aggressive growth trajectory
Scott Manson, Cybersecurity Lead – Middle East and Africa, Cisco
By Alastair Paterson, CEO and Co-Founder, Digital Shadows
Blog by Matthew Gardiner, Senior Product Marketing Manager, Mimecast
Most people live under the assumption that email is immutable once delivered, like a physical letter. A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing. Using the ROPEMAKER exploit a malicious actor can change the displayed content in an email at will. For example, a malicious actor could swap a benign URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox.
Described in more detail in a recently published security advisory, Mimecast has been able to add a defense against this exploit for our customers and also provide security recommendations that can be considered non-customers to safeguard their email from this email exploit.
So what is ROPEMAKER?
The origin of ROPEMAKER lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML. While the use of these Web technologies has made email more visually attractive and dynamic relative to its purely text-based predecessor, this has also introduced an exploitable attack vector for email.
Clearly, giving attackers remote control over any aspect of ones’ applications or infrastructure is a bad thing. As is described in more depth in the ROPEMAKER Security Advisory, this remote-control-ability could enable bad actors to direct unwitting users to malicious Web sites or cause other harmful consequences using a technique that could bypass common security controls and fool even the most security savvy users. ROPEMAKER could be leveraged in ways that are limited only by the creativity of the threat actors, which experience tells us, is often unlimited.
To date, Mimecast has not seen ROPEMAKER exploited in the wild. We have, however, shown it to work on most popular email clients and online email services. Given that Mimecast currently serves more than 27K organizations and relays billions of emails monthly, if these types of exploits were being widely used it is very likely that Mimecast would see them. However, this is no guarantee that cybercriminals aren’t currently taking advantage of ROPEMAKER in very targeted attacks.
For details on email clients that we tested that are and are not exploitable by ROPEMAKER and the specifics on a security setting recommended by Apple for Apple Mail, please see the ROPEMAKER Security Advisory.
Is ROPEMAKER a software vulnerability, a form of potential application abuse/exploit, or a fundamental design flaw resulting from the intersection of Web technologies and email? Does it really matter which it is? For sure attackers don’t care why a system can be exploited, only that it can be. If you agree that the potential of an email being changeable post-delivery under the control of a malicious actor increases the probability of a successful email-borne attack, the issue simplifies itself. Experience tells us that cybercriminals are always looking for the next email attack technique to use. As an industry let’s work together to reduce the likelihood that the ROPEMAKER style of exploits gains any traction with cybercriminals!
Want to learn more? Download the full ROPEMAKER security advisory.
With cyber threats evolving and threatening to affect organizations day to day activities, the cost of implementing IT security solutions has significantly increased from “US$75.4 billion in 2015 and expected to reach US$101 billion in 2018 (Gartner) and US$170 billion by 2020 globally, while the Middle East Cybersecurity market is expected to reach around US$10 billion by 2019, double the US$5 billion it was worth in 2014”.
Dubai, UAE, August 3, 2017 – Digital Shadows, the industry leader in digital risk management, today unveiled a new report called: ‘The Pressing Need for Digital Risk Management’ from top analysts at the Enterprise Strategy Group (ESG) looking at the growing importance and rates of adoption of Digital Risk Management in business today.
Dubai, UAE, July 30, 2017– Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the results of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems. This quarter’s assessment noted a continued challenge of securing organizations from malicious attachments, dangerous files types, impersonation attacks, as well as spam – with nearly a quarter of “unsafe” email being delivered to users’ inboxes. Among the email security services assessed, the tests found that using Mimecast in conjunction with prominent cloud-based email service providers, including Google G Suite and Microsoft Office 365, would substantially improve results by blocking thousands more email-borne attacks. The report indicates the need for organizations to enhance their cyber resilience strategies for email with a multi-layered approach that includes a third-party security service provider.
Comment by Vijay Michalik, Industry Analyst, Digital Transformation, Frost & Sullivan
AI to present growth opportunities by leveraging thought-controlled interaction with machines, finds Frost & Sullivan’s TechVision team