Email Security Breaches: Common Causes and 7 Recent Breaches to Learn From


What Are Email Security Breaches? 

Email security breaches occur when unauthorized individuals gain access to an organization’s email accounts or intercept email communications. These breaches can lead to the loss of sensitive information, financial damage, and harm to an organization’s reputation. They exploit vulnerabilities in email systems or human error, leading to unauthorized access and data theft.

There are two main types of email security breaches:

  • External breaches are orchestrated by individuals or groups outside the organization. These attackers seek to gain unauthorized access to email accounts and sensitive information through various means, including phishing, malware, and exploiting vulnerabilities in email systems or network security. 
  • Internal breaches occur when individuals within an organization—whether intentionally or accidentally—compromise email security. They can result from actions like sending sensitive information to the wrong recipient, mishandling access privileges, or an insider maliciously accessing or distributing confidential data. 

Common Causes of Email Security Breaches

Here are the most common methods used to breach email systems.

Phishing

Phishing involves sending fraudulent emails that mimic legitimate sources to trick recipients into providing sensitive information or clicking on malicious links. These emails often create a sense of urgency or imitate a source of authority, prompting users to act quickly and forget their usual caution. Attackers use this tactic to steal login credentials, personal data, and financial information.

Phishing attacks range from simple, automated mass mailings to sophisticated, personalized campaigns. In spear phishing, attackers target privileged individuals with messages tailored to them, which increases the chance of success. Organizations combat phishing through user education, spam filters, email authentication protocols, and dedicated anti-phishing solutions.

Malware

Malware encompasses harmful programs, including viruses, worms, and spyware. Attackers commonly attempt to spread malware via email. It can then infect a recipient’s device, leading to data corruption, unauthorized access, and system failure. Emails carrying malware typically contain attachments or links that execute the malware upon opening.

To mitigate malware risks, organizations should enforce strict email attachment policies, regularly update software to patch vulnerabilities, and employ antivirus and anti-malware solutions. User education on the dangers of unsolicited attachments is also crucial in preventing malware infections.

Ransomware

Ransomware is a type of malware that encrypts the victim’s data, demanding a ransom for the decryption key. It is often distributed through malicious email attachments or links. Once activated, ransomware can spread across networks, locking out users from critical files and systems.

The best defense against ransomware includes regular data backups, prompt application of security patches, and strict email screening processes. Organizations also invest in cybersecurity awareness training, teaching employees to recognize and report potential ransomware delivery mechanisms.

Tal Zamir

7 Recent Email Security Breaches 

Here are some examples of high-profile email breaches in the real world.

1. Microsoft Cloud Email Breach

In June 2023, Microsoft cloud email accounts across various U.S. government agencies were compromised, marking a severe breach of sensitive communication channels. Among the affected were high-profile individuals, including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and other officials within the Commerce Department. 

The breach resulted in the theft of approximately 60,000 emails from 10 accounts associated with the U.S. State Department. Its discovery led U.S. Senator Ron Wyden to call for a comprehensive federal investigation to evaluate if “lax security practices by Microsoft” contributed to the vulnerability that enabled the hack. 

The threat actor gained access to the sensitive file containing the Azure Active Directory key by compromising a corporate account belonging to a Microsoft engineer; the key was then used to forge authentication tokens.

2. Barracuda ESG Appliances Attack

On May 19, 2023, Barracuda raised a critical security alert about a vulnerability discovered in its Email Security Gateway (ESG) appliances. The vulnerability, tracked as CVE-2023-2868, had been actively exploited, leading to the compromise of several ESG appliances.

Despite Barracuda’s efforts to mitigate the issue with a rapid deployment of a patch and an additional update by May 21, 2023, the damage had already reached a number of customers. Further investigations revealed that the exploit had been active since October 2022. 

On June 6, Barracuda issued an action notice advising affected customers to completely remove the compromised hardware. It was estimated that approximately 11,000 ESG appliances were operational. Barracuda provided replacement products to impacted customers.

3. U.S. Department of Defense Phishing Attack

In late April 2022, a Californian man was found guilty of orchestrating a scheme that led to the theft of $23 million from the U.S. Department of Defense (DoD) and one of its vendors. He was convicted on multiple charges, including identity theft and wire, mail, and bank fraud.

The scam targeted a DoD contractor tasked with supplying jet fuel to U.S. troops in Southeast Asia. The criminals, posing as a legitimate employee from New Jersey, redirected over $23 million that was meant for the legitimate corporation.

By creating fraudulent email accounts and websites that mimicked those of the General Services Administration (GSA), the attacker and his accomplices sent phishing emails to various DoD contractors. These emails contained links to phishing sites designed to harvest login credentials, which were then used to alter banking information within government systems.

4. City of Portland BEC Attack

The City of Portland, Oregon, became a victim of a sophisticated Business Email Compromise (BEC) scam in April 2022, losing $1.4 million. The cybercriminals impersonated a non-profit organization, Central City Concern, through fraudulent emails. 

The city treasury was initially suspicious because the account name on the wire transfer request did not match, so it sought confirmation from the supposed non-profit. The fraudsters, maintaining their guise, confirmed the transfer details, and the unauthorized transaction went through.

This security breach was only discovered after a second, similar fraudulent attempt was made, which prompted an investigation. The hijacked email account had been accessed from various locations worldwide, including Nigeria, Texas, and Germany. In response to this breach, Portland city officials have heightened their cybersecurity measures.

5. Kaiser Permanente Unauthorized Email Access

Kaiser Permanente, a healthcare provider, experienced a data breach in April 2022, affecting up to 70,000 patients. Unauthorized access to an employee’s email account led to the exposure of sensitive patient information, including full names, medical record numbers, dates of service, and laboratory test results. 

Although financially sensitive details like Social Security numbers and credit card information were not compromised, the breach exposed health data. The breach was contained within hours of its discovery.

6. OpenSea Data Breach

In June 2022, the NFT marketplace OpenSea suffered a data breach when an employee of its email delivery vendor, Customer.io, illicitly obtained and shared email addresses of OpenSea users and newsletter subscribers with an external party. OpenSea security issued a warning to all account holders and newsletter subscribers to assume their email addresses were compromised.

The breach affected 1.8 million individuals who had made purchases on OpenSea through the Ethereum network, according to Dune Analytics data. An investigation of the incident discovered that the same Customer.io employee also leaked the email addresses of customers from five other companies.

How to Prevent Email Security Breaches 

There are several measures that organizations can take to reduce the risk of an email security breach.

1. Security Awareness Training

Employees should be educated about the various types of email threats, how they operate, and the consequences of breaches. Training should provide knowledge of how to recognize and avoid malicious emails, including identifying phishing attempts, using strong passwords, and securely handling sensitive information. Interactive sessions, regular updates, and phishing simulations are useful for security awareness training.

2. Use Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds an extra layer of security to the email login process by requiring users to provide two or more verification factors to gain access to their accounts. This reduces the risk of unauthorized access because even if attackers obtain a user’s password, they still need additional verification, such as a fingerprint, security token, or code sent to the user’s phone. 

3. Implement DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email validation system designed to protect organizations’ email domains from being used in email spoofing, phishing scams, and other cyberattacks. It allows domain owners to publish policies in their DNS records that define actions to be taken when an email fails DMARC authentication checks, including reporting the failure, quarantining the message, or rejecting it. 
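The policy lookup and alignment logic described above, as an added example that is not part of the original article: it parses a `_dmarc` TXT record, checks whether a passing SPF or DKIM result is aligned with the From domain, and returns the disposition (none, quarantine or reject) the published policy calls for. The domains, record contents and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re

# Matches "tag=value" pairs separated by ";" in a DMARC TXT record.
_TAG_RE = re.compile(r"\s*([a-z]+)\s*=\s*([^;]*?)\s*(?:;|$)", re.I)


def parse_dmarc(txt: str) -> dict:
    """Parse a _dmarc.<domain> TXT record into a tag dict with RFC 7489 defaults."""
    tags = {k.lower(): v for k, v in _TAG_RE.findall(txt)}
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record: %r" % txt)
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")   # relaxed SPF alignment unless aspf=s
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain (last two labels), an assumption for this
    example; production code must consult the Public Suffix List (e.g. for co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(record_txt, record_domain, from_domain,
             spf_domain=None, spf_pass=False, dkim_domain=None, dkim_pass=False):
    """Return (dmarc_pass, disposition) for one message.

    spf_domain is the MAIL FROM domain, dkim_domain the d= of a verified
    signature; *_pass says whether that mechanism itself succeeded. DMARC passes
    if at least one passing mechanism is aligned with the RFC5322.From domain;
    otherwise the published policy (p=, or sp= for subdomains) applies."""
    rec = parse_dmarc(record_txt)
    spf_ok = bool(spf_pass and spf_domain and aligned(spf_domain, from_domain, rec["aspf"]))
    dkim_ok = bool(dkim_pass and dkim_domain and aligned(dkim_domain, from_domain, rec["adkim"]))
    if spf_ok or dkim_ok:
        return True, "none"
    is_subdomain = from_domain.lower() != record_domain.lower()
    disposition = rec.get("sp", rec["p"]) if is_subdomain else rec["p"]
    return False, disposition
```

A message spoofing the From domain but authenticating under an attacker-controlled domain passes SPF and DKIM yet fails alignment, so the domain's p= policy is what the receiver enforces.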

4. Monitor and Analyze Email Traffic

Continuous monitoring and analysis of email traffic aid in detecting suspicious activities that could indicate a security breach. This involves scrutinizing inbound and outbound emails for malware, spam, phishing attempts, and other anomalies. Organizations can use real-time email security monitoring tools to quickly identify and respond to potential threats. 
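One concrete monitoring check, as an added example that is not part of the original article: in the City of Portland case above, the hijacked account had been accessed from Nigeria, Texas and Germany, so a detector that flags any mailbox signed into from several countries inside a 24-hour window would have surfaced it. The log format, account names and IP addresses below are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of mailbox sign-in events (not real data):
# ISO timestamp, account, source IP, geolocated country code.
SAMPLE_LOG = """\
2022-04-04T08:02:11Z,ap@example.org,203.0.113.10,US
2022-04-04T09:15:40Z,ap@example.org,198.51.100.23,NG
2022-04-04T13:47:03Z,ap@example.org,192.0.2.77,DE
2022-04-04T08:30:00Z,hr@example.org,203.0.113.11,US
2022-04-05T08:31:12Z,hr@example.org,203.0.113.11,US
2022-04-06T07:59:58Z,ap@example.org,203.0.113.10,US
"""


def parse_events(text):
    """Parse comma-separated sign-in lines into (timestamp, user, ip, country) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, country))
    events.sort()
    return events


def multi_country_logins(events, window=timedelta(hours=24), min_countries=2):
    """Return {account: sorted countries} for accounts whose sign-ins span
    min_countries or more distinct countries inside any sliding `window`."""
    by_user = defaultdict(list)
    for ts, _user_ip_country in [(e[0], e[1:]) for e in events]:
        user, _ip, country = _user_ip_country
        by_user[user].append((ts, country))
    findings = {}
    for user, evs in by_user.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            countries = {c for _, c in evs[start:end + 1]}
            if len(countries) >= min_countries:
                findings[user] = sorted(set(findings.get(user, [])) | countries)
    return findings


if __name__ == "__main__":
    for account, countries in multi_country_logins(parse_events(SAMPLE_LOG)).items():
        print("ALERT: %s signed in from %s within 24h" % (account, ", ".join(countries)))
```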

5. Use Anti-Virus and Anti-Malware Solutions

These tools scan emails and their attachments for malicious software and quarantine or delete infected files, preventing them from causing harm. It’s important to choose solutions that can detect a wide range of threats, including viruses, worms, spyware, and ransomware. Advanced email security solutions include capabilities for identifying, blocking, and remediating malware-based email threats.

6. Leverage AI-Powered Email Security Solutions

Traditional security measures often fall short against sophisticated threats. AI-powered security solutions can match the complexity of AI-based attacks by employing Natural Language Processing (NLP) and Generative AI (GenAI) models to understand an organization’s communication patterns and relationships. This enables detection of social engineering attempts, such as BEC, impersonation, and phishing attacks. 

Preventing Email Security Breaches with Perception Point

Perception Point’s AI-powered Advanced Email Security contains multiple scanning engines and threat intelligence for enhanced protection against email security breaches from phishing, malware, and ransomware. 

For advanced threats, the solution leverages hardware-based and software-based tracking to identify evasive threats. Proprietary software algorithms scan code at the CPU level to intercept attacks at the earliest stage possible – the exploit – before malware is even delivered.

Perception Point is easy to deploy, analyzes email in seconds, and can scan email traffic at any scale, leveraging the flexibility of the cloud.
