by Hoala Greevy Founder CEO of Paubox
Article filed in

Support for Base64 Encoding Added to ExecProtect

by Hoala Greevy Founder CEO of Paubox

 

Base 64 encoding support added to ExecProtect

In order to provide advanced protection against Display Name Spoofing, we recently added support for Base64 encoding to ExecProtect and Inbound Security.

In this blog post, we’ll discuss what it is, how it’s being abused, and how we added support for Base64:

What is Base64 Encoding?

Base64 encoding is a method used to represent binary data over mediums limited to printable characters only. In fact, email is one such medium and is a classic use case for Base64.

The name Base64 comes from the fact that each (binary) character is represented via 6-bits. In other words, 2 to the power of 6 equals 64.

In a nutshell, Base64 encoding is a way of taking binary data and turning it into text so that it’s more easily transmitted over mediums like email.

Why is Base64 Encoding used in Email?

Base64 encoding was originally used to accurately transfer email messages, including attachments, over the internet.

Unfortunately, this encoding technique is now being abused by bad actors (i.e. hackers) to deliver malicious Display Name Spoofing attacks.

How are Bad Actors using Base64 to Avoid Detection?

As we covered in this post, bad actors use Display Name Spoofing to exploit organizations. They do this by relying on authority, sophistication, and the fact that a majority of email is now read on smartphones.

Learn more: Executive Protection for Display Name Spoofing

Taking it up a notch, bad actors are also using Base64 encoding to evade detection by email filters.

For example, let’s say a bad actor wanted to impersonate the CEO of an organization via Base64 encoding.

If the CEO’s name is Laurie Bream and her email is laurie.bream@raviga.com, the From: address field would normally look like this:

From: “Laurie Bream” laurie.bream@raviga.com

Using Base64 however, it can be obfuscated to read:

From: IkxhdXJpZSBCcmVhbSIgPGxhdXJpZS5icmVhbUByYXZpZ2EuY29tPg==

Without Base64 encoding support, this obfuscated Display Name Spoofing attack would pass through undetected.

How we added support for Base64 Encoding in ExecProtect

As a recap, ExecProtect is a feature within our Inbound Security solution that protects against Display Name Spoofing attacks.

By adding preprocessing support for Base64 encoded email to ExecProtect, we’ve taken our patent-pending solution for Display Name Spoofing attacks up a notch.

See it in action for yourself with a free trial.

Try ExecProtect for FREE today.