GTMaritime continue to combat modern cybercrime techniques

GTMaritime continue to combat modern cybercrime techniques

2nd May 2018 Press Release 0

Before the advent of email, information was no more secure than it is today.  However, it was harder to intercept, process and meaningfully group the data retrieved from the thousands of individual postal letters which were the basis for official business communications.  This practise is typified by banks who send out cash cards and their associated PINs via two separate letters of communication.  This isn’t a particularly secure practise despite the two letters being sent several days apart.  However, the time involved and the likelihood of intercepting both pieces of mail without detection makes it less appealing to most thieves.

Over the past 40 years, computing and connected systems have evolved from obscure pieces of equipment in university and research laboratories through to mainstream business and general home use.  The last decade gave rise to the smart phone era, placing an always accessible computer in everybody’s pocket.

 Whilst previous generations consumed news the day after it happened in the newspapers and sent postcards from holidays, the modern user is aware of everything as it happens through 24/7 live news feeds, with family news broadcast continuously via social media sites such as Facebook.  Younger generations are using Snapchat, Instagram and Twitter to communicate in new ways and providing up to the minute details of their current activities.

We live in the age of information and sharing information has never been so easy … or so dangerous.

While this increased connectivity has benefitted us in many ways, it is also a major contributing factor to cyber security threats.  Systems are highly accessible, and information is stored in a way that allows simple copying, storing and sorting.

In the early days of computer networking, users would leave files in directories for the attention of other users.  This practise of information sharing quickly became more selective with each user having their own file where new information could be appended.  Directing messages through a network to append another user’s file quickly evolved to form the basis of modern day email.

In 1972, the first operating system with network capable ‘email’ was available and before the end of the 1970’s the first spam message had already been sent when Gary Thuerk sent an unsolicited message to 400 of 2,600 ARPAnet users.  Currently, there are approximately 413 billion spam messages generated every day which David Reiley (Google) and Justin Rao (Microsoft) have estimated at a $20 billion cost to the global economy in lost productivity.  While the exact numbers and costs are difficult to be accurate about, we do know there is a cost to spam and other non-legitimate emails.  Here at GTMaritime we invest heavily in ensuring only legitimate email makes it through to our customers.  These defences make up the majority of our infrastructure costs.

Whilst spam is generally something of a nuisance for the end user, the distribution of software designed with malicious intent is a more significant concern.  The term ‘virus’ is often misused to refer to any type of malicious code but it is more accurate to use the collective term ‘malware’.  The virus itself has its roots in the earliest days of computing with the first examples of code capable of automatic self-replication being demonstrated in the early 1950’s.  Three decades later in the 1980s and 1990s, Univac, Apple and IBM as well as operating system giants, Microsoft had all fallen foul of malicious code designed specifically to disrupt machines, programs and networks alike.  During this time, lack of connectivity was a major contributing factor to the limitations of malware with shareable media such as diskettes being the primary method of infection.

Given the many attack vectors and ever-increasing number of threats, it is perhaps surprising that the first acknowledged email virus, named ‘Melissa’ and released in 1999, is still detected every month by virus software.  Since 1999, email based attacks have increased exponentially but the focus has changed.  Whilst the anarchistic disruption of networks and systems may have been the early motivation, modern day attacks are more for the purposes of reward.   Ransomware and spyware have become common place and ever more sophisticated methods are employed to avoid detection. 

Seemingly innocent emails can be used to trick the end users into parting with information or they may be encouraged to click on links which trigger malicious activity.  Others may target specific end users through social engineering. In this example the email itself does not contain any harmful code but the apparent originator and method of entry into the network may be manipulated to fool the recipient into carrying out a process which may result in lost revenue.  In this way an apparently harmless email can pass through multiple detection systems without triggering an alert and have catastrophic effects for a business.

20th year of service to the maritime industry

This year, GTMaritime celebrates its 20th year of service to the maritime industry.  The company has continued to evolve in line with the needs of the shipping industry and develop our products. As industry cyber security awareness has increased over the last few years, GTMaritime have led the market  by implementing more sophisticated threat detection and prevention systems always providing the highest levels of security to our customers. 

Before mail can be accepted into the GTMaritime network, the integrity of the sending server is checked against multiple reputable blacklist organisations.  Servers which do not confirm to proper configuration standards are denied a connection. 

Once a connection is established with a reputable mail relay server:

  • All inbound traffic is checked on a message by message basis. These checks  include, amongst others:
    • Originating IP address
    • Previous relay servers
    • Sender’s email address
    • Domain lookups
    • Message header checks
  • Further checks are conducted to identify known spamming practises .
  • Links contained in the message body are checked against domain blacklist databases.

Any discrepancy or suspect practise adds to an overall spam score with messages being rejected if they breach a preconfigured threshold.  Only after successful scrutinisation are these messages allowed into our relay servers.

  • The relay servers subject each message to two independent and disparate antivirus scanners designed to successfully weed out any instance of known virus code.

Despite already intense analysis, GTMaritime continue to combat modern cybercrime techniques by evaluating every attachment and embedded attachment for the presence of executable code.

 

GTMaritime have partnered with Last Line, a world leading organisation in Advanced Threat Protection (ATP)

Last Line’s ATP allows GTMaritime to delve into every line of embedded code to ensure no harmful event can be triggered.  Executing this code in a controlled environment whilst monitoring the outcomes gives conclusive evidence of attachment safety.  This prevents direct distribution of malware as well as attempts to trigger downloads from disreputable sources.  What ATP does not afford is control over the end user’s actions when they read the plain text words in the message body.

Phishing attempts that rely on the naivety of the end user are a common strategy.  Whilst no software can directly control the action of an end user, criminals are practised at using specific words and phrases to coerce users into carrying out manual steps which allow or initiate harmful activity.  GTMaritime have developed a solution designed to evaluate email content and identify known phishing tactics in a bid to warn the recipient of suspect content. 

Best Practice

The layers of email security provided by GTMaritime have built a strong defence against cyber threats, but the final and perhaps greatest defence will always be end user awareness.   E-mail vigilance should be practised by all with these few simple checks helping to minimise the risk:

  • If you do not recognise the sender, never click on attachments or links contained within the message.
  • Even when the sender is recognised, prompts to ‘enable macros’ or ‘enable editing’ for attached documents should be treated with suspicion.
  • Carefully check the sender address. If it is not exactly as you expect it to be, treat the email as suspicious.
  • Messages which insist that you act urgently should be treated as suspicious. If you recognised the sender, then raise a new email and contact them to confirm. Never respond directly via the suspect message.
  • Trust your instincts! If a message looks wrong, reads wrong or leaves you with a feeling that something isn’t quite right, treat it as suspicious.
  • Always report suspicious emails to your network authority or 3rd party provider.

Remember, cyber-attacks target people not just technology.  Cyber criminals are counting on your mistakes.