Retarus Press Release
Nothing is as it seems: 98 Percent of phishing mails from Russia mask their domain endings
Retarus reveals how companies can protect themselves
Sydney, 07/07/2022 // The security experts at Retarus have issued a warning about the growing number of disguised phishing attacks emanating from Russia. According to a recent analysis published by the enterprise cloud service provider, 98 percent of the emails classified as malicious could not be conclusively attributed to Russia based on their domain endings, rendering the blocking of emails at the domain level futile. Retarus advises companies to take this into consideration as far as their email security solutions are concerned – and to take the appropriate measures.
Unless they have business contacts in Russia, it is generally recommended for companies to identify and automatically block all Russian emails based on the GeoIP, before they even have the chance to enter the company network. This can be achieved with technologies such as Retarus Predelivery Logic. Beyond this, companies should take steps to sensitize their employees regarding Russian phishing attacks.
Directing email traffic into the correct lanes
With Retarus’ Predelivery Logic service, emails are already analyzed and can be blocked, if necessary, based on individual rule sets at the security gateway – before they ever reach the recipient company’s infrastructure and cause damage there. The rule sets in Predelivery Logic allow identification according to “Source IP Country” and the automatic triggering of appropriate measures. Depending on how the service has been configured, this could mean isolating the message in the user quarantine, for instance. The service also gives companies the option of recognizing the language in the message body, in addition to the geographic origin of the message, and using this as the basis for activating automatic rules.
To complement these customer-specific options available in Predelivery Logic, Retarus is also responding to the current state of affairs by keeping an eye on the development of the situation at the infrastructure level and staying in close contact with the competent authorities. If necessary, the experts at Retarus apply immediate measures, such as blocking the offending IPs and domains, without the customer having to take any action. The respective measures are then continuously reviewed and adapted as required.
Beware of Russian third-party providers
Just recently, in connection with Russia’s attack on Ukraine, the German Federal Office of Information Security (BSI) spoke of an “increased non-specific threat situation” and explicitly warned companies against the use of Kaspersky solutions as a result of security concerns. Companies are urged to check whether the email security solutions they are using contain any Russian components.
“After Russia launched its attack on Ukraine, we immediately replaced Kaspersky’s products and solutions with those of another provider to avoid taking on any security risk,” explains Martin Hager, founder and CEO at Retarus. “With our Advanced Threat Protection, Post Delivery Protection, and the infrastructure services offered by the Retarus Secure Email Platform, we provide our customers with optimum protection at all levels against treacherous cyberattacks from Russia.”
About Retarus
Retarus is a global provider of API