Trustwave Blog

Strengthening Email Security: DOJ Disrupts Russian Spear-Phishing Campaign

Written by | Oct 9, 2024

The need for an iron-clad email security solution is once again making headlines.

On October 3, the US Department of Justice (DoJ) reported that, working with Trustwave partner Microsoft, it had disrupted a Russian government-backed scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.

The DoJ partially unsealed a warrant authorizing the seizure of 41 internet domains used by Russian intelligence agents and their proxies to commit computer fraud and abuse in the United States. The department worked in tandem with a Microsoft civil action to restrain 66 internet domains used by the same actors, the DoJ said.

“Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action – using all tools to disrupt and deter malicious, state-sponsored cyber actors,” said Deputy Attorney General Lisa Monaco.

According to the partially unsealed affidavit filed in support of the government’s seizure warrant, the seized domains were used by hackers belonging to, or criminal proxies working for, the “Callisto Group,” an operational unit within Center 18 of the Russian Federal Security Service (FSB). The group committed violations related to unauthorized access to computers, obtaining information from US government departments or agencies, unauthorized access to protected computers, and causing damage to protected computers.

The Callisto Group conducted an ongoing and sophisticated spear-phishing campaign to gain unauthorized access to the computers and email accounts of the US government and other victims, the DoJ said. Their targets included US-based companies, former employees of the US Intelligence Community, Department of Defense and Department of State employees, US military defense contractors, and staff at the Department of Energy.

Spear phishing is a highly targeted form of phishing attack where the attacker sends a personalized email or message designed with specific information tailored to trick the targeted individual or organization into revealing sensitive information or clicking on a malicious link.

It is essential to understand that there are multiple steps organizations can take and that services are available to help protect against email-based attacks.


Guarding Against Nation-State and Criminal Email Attacks

Trustwave SpiderLabs Research Manager Phil Hay shared some actionable advice for organizations looking to stay ahead of advanced email threats.

“The traditional approach of security in layers works really well,” Hay said. “Knowing what’s right for your environment, training your organization, testing new tools in parallel with your existing devices and software, and having a tool that can carry out a set policy is key.”

No single tool will completely protect you against email attacks - instead, an organization must have a strong process, good training, and tools to help ensure there’s defense across multiple levels.

Top Email Security Recommendations:

  • Enable Multi-Factor Authentication (MFA) on accounts wherever possible so that stolen credentials alone are not enough to log in. Microsoft found that 99% of compromised Microsoft accounts they observed did not have MFA.
  • Have a second form of verification and validation before changing bank details or sending payments over email.
  • Provide annual security refreshers for the whole organization. Covering phishing and overall security awareness will teach employees what attacks they may individually face and give them a plan of action.
  • Use a secure email gateway (SEG) like Trustwave MailMarshal, optimized for your organization.
  • Set a policy on how the organization will handle different file types that are sent over email.
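As an added illustration of the file-type policy item above (this code is not from the original post and is not MailMarshal code; the policy table, rule names and sample message are assumptions constructed for the example), here is a small attachment-policy check in Python using only the standard library. It classifies each attachment by extension, flags double extensions such as `invoice.pdf.exe`, holds macro-enabled documents and archives for review, and quarantines files whose declared MIME type disagrees with their name:

```python
"""Attachment file-type policy for an email gateway (constructed example).

Stand-alone policy engine in the spirit of the "set a policy for file types
sent over email" recommendation. Hypothetical rules; adjust to your environment.
"""
import os
from email import policy as email_policy
from email.message import EmailMessage
from email.parser import BytesParser

# Policy table (assumption: organization-specific, not a vendor default).
BLOCK_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso"}
QUARANTINE_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".zip", ".7z", ".rar"}
ALLOW_EXTENSIONS = {".pdf", ".docx", ".xlsx", ".pptx", ".txt", ".png", ".jpg"}

# Extensions whose declared MIME type must agree with the file name.
EXPECTED_MIME = {".pdf": "application/pdf", ".png": "image/png", ".jpg": "image/jpeg"}


def classify_attachment(filename: str, content_type: str) -> tuple[str, str]:
    """Return (action, reason) for one attachment.

    Actions are "block", "quarantine" or "allow"; the most restrictive rule wins.
    """
    name = filename.lower()
    root, ext = os.path.splitext(name)
    # A double extension such as invoice.pdf.exe is judged by its final
    # extension, but the trick is reported explicitly for the reviewer.
    inner_ext = os.path.splitext(root)[1]
    if ext in BLOCK_EXTENSIONS:
        if inner_ext in ALLOW_EXTENSIONS:
            return "block", f"double extension {inner_ext}{ext}"
        return "block", f"executable type {ext}"
    if ext in QUARANTINE_EXTENSIONS:
        return "quarantine", f"macro-enabled or archive type {ext}"
    expected = EXPECTED_MIME.get(ext)
    if expected and content_type != expected:
        return "quarantine", f"declared type {content_type} does not match {ext}"
    if ext in ALLOW_EXTENSIONS:
        return "allow", "permitted type"
    # Unlisted extensions (including none at all) are held for human review.
    return "quarantine", f"unlisted type {ext or '(none)'}"


def evaluate_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and apply the policy to every attachment."""
    msg = BytesParser(policy=email_policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        action, reason = classify_attachment(filename, part.get_content_type())
        findings.append({"filename": filename, "action": action, "reason": reason})
    order = {"allow": 0, "quarantine": 1, "block": 2}
    verdict = max((f["action"] for f in findings), key=order.get, default="allow")
    return {"verdict": verdict, "findings": findings}


def build_sample_message() -> bytes:
    """Constructed test message; the attachments are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"PK placeholder", maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12",
                       filename="budget.xlsm")
    msg.add_attachment(b"not really a pdf", maintype="application",
                       subtype="octet-stream", filename="notes.pdf")
    return bytes(msg)


if __name__ == "__main__":
    result = evaluate_message(build_sample_message())
    print("verdict:", result["verdict"])
    for f in result["findings"]:
        print(f"{f['action']:<10} {f['filename']:<18} {f['reason']}")
```

Unlisted types default to quarantine rather than allow, so a new extension the policy has not considered is reviewed by a person instead of reaching the mailbox; the per-attachment reason string is what a gateway would write to its log for the security team.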


The Power of Trustwave MailMarshal: Battle-Tested Email Security Defender

Trustwave MailMarshal offers a sophisticated multi-layered approach to email security to reduce false positives and protect against spam, gateway attacks, viruses, phishing attempts, and malicious URLs embedded in an email. In addition, it provides complete email protection against phishing, spear-phishing, and business email compromise (BEC).

MailMarshal provides layered protection against email-based threats, capturing all forms of threats to protect your environment and reduce the burden on your security team.

  • Protects against ransomware attacks, BEC, phishing scams, malware, and zero-days
  • 99.99% malware and exploit capture rate
  • < 0.001% spam false positives
  • Layered threat intelligence, powered by telemetry from 5,000+ global MSS/MDR clients and ML-powered algorithms
  • Granular control of internal SMTP traffic
  • Decades of leadership in email security, supported by the Trustwave SpiderLabs elite threat detection team
  • Deploy on-prem or hybrid cloud
  • Complements Microsoft 365 and other cloud email services