Cisco Email Security Appliance X1070 White Paper
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
White Paper
Cisco Outbreak Filters
Spear phishing and targeted attacks using new tools and more reconnaissance are on
the rise. Cisco Outbreak Filters are designed to combat smarter attackers and
sharpened tactics. This paper outlines a variety of these attacks, as well as what
Cisco Outbreak Filters are, how they work, and their configuration options.
A Turning Point
In late 2010, spam volume showed the first signs of decreasing. Starting in October 2010, several prolific
spammers were arrested and several botnets were shut down.
These arrests, combined with the shutdown of the botnet command and control infrastructure used for sending
threats, have contributed to the drastic reduction in spam volumes. While there are still systems sending massive
volumes of spam, there has been a definite change in tactics. In addition to sending bulk spam blasts, attackers
are now increasingly sending specially crafted targeted attack messages in attempts to avoid antispam
security systems.
Staying Ahead of Targeted Attacks
Historically, spam email was easy to identify because it was full of grammar, spelling, and punctuation errors, and
used informal language. Now, attackers have polished their language and content along with their overall message,
making it more difficult to distinguish a legitimate email from spam.
Targeted attacks represent less than 1% of the inbound spam messages faced by organizations globally. These
attacks are categorized as:
● Advanced Persistent Threats (APTs): These messages are sent as part of a broader attack that attempts
to break into an organization’s network over an extended period of time.
● Spear phishing and whaling: These messages are targeted toward specific individuals in an attempt to
steal money or information. An example is a targeted attack on an organization’s Accounts Payable group in
an attempt to install software that steals the organization’s banking information.
Targeted attacks use data that can easily be harvested from social networking sites such as Facebook and
LinkedIn. By including city names or a target’s name, or by making an email appear to be from a friend or business
associate, attackers increase their chances of success. Attackers know the weakest link in the security chain is the
general end user, and they know that social engineering provides the highest return on their effort.
Staying ahead of these attacks takes a coordinated effort. Cisco Outbreak Filters technology is designed to tackle
this challenge, using a combination of Cisco SenderBase® information about “bad” email senders; Cisco
SensorBase™ information that has been collected by Cisco security appliances; and Outbreak Intelligence, a web
scanning technology. Cisco Outbreak Filters use refined rule sets to inspect emails, a dynamic quarantine to hold
suspect emails for rescanning, and Outbreak Intelligence to scan suspect URLs.
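The pipeline just described combines three inputs (sender reputation, a rule set, and URL scan verdicts) with a quarantine that does not make a final decision at first sight. The following Python sketch is an added illustration of that shape, not Cisco's code and not a description of how the appliance is actually implemented: a reputation table stands in for SenderBase, scored regex rules stand in for the outbreak rule set, and a small dynamic quarantine re-evaluates held messages once the rules are refined and URL verdicts arrive. Every address, rule, threshold and message in it is constructed for the example.

```python
# Toy model of an outbreak-style dynamic quarantine. Illustrative only: not
# Cisco's implementation. Addresses (RFC 5737 test ranges), rules, thresholds
# and messages are constructed for this example.
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    msg_id: str
    sender_ip: str
    subject: str
    body: str
    urls: tuple = ()


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str    # regex applied to subject and body, case-insensitive
    score: float    # risk added when the pattern matches


# Stand-in for a sender-reputation feed: negative = known bad, absent = unknown.
SENDER_REPUTATION = {"203.0.113.7": -6.0, "198.51.100.2": 4.0}
QUARANTINE_THRESHOLD = 3.0   # constructed: a score at or above this is held


def score_message(msg, rules, url_verdicts):
    """Risk score for one message; math.inf marks a confirmed-malicious URL."""
    score = max(0.0, -SENDER_REPUTATION.get(msg.sender_ip, 0.0))  # bad rep only
    text = f"{msg.subject}\n{msg.body}"
    score += sum(r.score for r in rules if re.search(r.pattern, text, re.I))
    for url in msg.urls:
        verdict = url_verdicts.get(url, "unknown")
        if verdict == "malicious":
            return math.inf
        if verdict == "unknown":
            score += 1.0   # unscanned link: lean towards holding the message
    return score


def classify(msg, rules, url_verdicts):
    """Map a score to an action: drop, quarantine or deliver."""
    score = score_message(msg, rules, url_verdicts)
    if score == math.inf:
        return "drop"
    return "quarantine" if score >= QUARANTINE_THRESHOLD else "deliver"


class DynamicQuarantine:
    """Holds suspect messages and re-evaluates them when rules or verdicts change."""

    def __init__(self):
        self.held = {}

    def inspect(self, msg, rules, url_verdicts):
        action = classify(msg, rules, url_verdicts)
        if action == "quarantine":
            self.held[msg.msg_id] = msg
        return action

    def rescan(self, rules, url_verdicts):
        """Re-classify every held message; release, drop or keep holding."""
        outcome = {"released": [], "dropped": [], "held": []}
        for msg_id, msg in list(self.held.items()):
            action = classify(msg, rules, url_verdicts)
            if action == "deliver":
                outcome["released"].append(msg_id)
                del self.held[msg_id]
            elif action == "drop":
                outcome["dropped"].append(msg_id)
                del self.held[msg_id]
            else:
                outcome["held"].append(msg_id)
        return outcome


def run_demo():
    """Constructed scenario: initial scan, then a rule/URL update and rescan."""
    messages = [
        Message("m1", "203.0.113.7", "Invoice overdue",
                "Please open the attached invoice today.",
                ("http://invoice-portal.example/pay",)),
        Message("m2", "192.0.2.10", "Your package delivery",
                "Track your shipment here.", ("http://track.example/123",)),
        Message("m3", "198.51.100.2", "Team lunch", "Friday at noon?"),
    ]
    rules_v1 = [Rule("invoice", r"invoice", 2.0),
                Rule("delivery", r"package delivery|shipment", 3.0)]  # broad
    q = DynamicQuarantine()
    initial = {m.msg_id: q.inspect(m, rules_v1, {}) for m in messages}

    # Update: delivery rule refined downwards, lure rule added, URL scans back.
    rules_v2 = [Rule("invoice", r"invoice", 2.0),
                Rule("delivery", r"package delivery|shipment", 1.5),
                Rule("attachment_lure", r"open the attached", 2.0)]
    url_verdicts_v2 = {"http://invoice-portal.example/pay": "malicious",
                       "http://track.example/123": "clean"}
    return {"initial": initial, "rescan": q.rescan(rules_v2, url_verdicts_v2)}
```

Running `run_demo()` shows the two behaviours the paragraph attributes to a dynamic quarantine: the message with a bad sender and an unscanned link is held, then dropped once the URL scan returns a malicious verdict; the message caught only by a deliberately broad rule is held, then released when the rule is refined and its link comes back clean. The point a practitioner should take from it is that holding and rescanning lets a broad first-pass rule be corrected without either delivering the attack or discarding legitimate mail.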