Malware-pushing criminals are no longer finding as much profit in email-based exploits, but the National Institute of Standards and Technology says cyber-crime perpetrators may find that easier lines of attack lie in infiltrating social media platforms.
NIST released its April IT Laboratory Bulletin last week to discuss a new build solution for end-to-end email security.
Working with the private sector, NIST’s National Cybersecurity Center of Excellence created a platform that uses Domain Name System security extensions and authentication to ensure the validity of email signatures. In two separate test scenarios NIST ran, a fraudulent actor attempted to pose as a trusted email source, and the security platform thwarted the spoofing attack.
Organizations rely on mail servers to encrypt emails, but too often that security mechanism falls short. Phishing campaigns and malware-ridden links still represent some of the largest contributors to confirmed data breaches across Federal networks.
NIST said that security platforms like the one it developed add an extra layer of protection, but a lack of easy-to-use software libraries and deployment tools often prevents widespread use. To address that, a NIST Special Publication includes a how-to guide.
These recent strides in email security could signal a shift in the exploit patterns of cybercriminals, NIST said.
“As email becomes a more difficult medium for malicious entities to use as a penetration vector, other web-based media will be more intensively exploited,” NIST declared.
Referencing “emerging communications trends” from Facebook and LinkedIn, among others, NIST said more research needs to be done to extend protections like DNS authentication to web applications to combat whatever new shape fraudulent correspondence might take in the future.