> Insiders at GCHQ and the FCDO said the attacks were enabled by a member of staff “probably accidentally” downloading malware hidden in an email.
Whoever makes an email program with a good sandboxing feature will be rich. I guess it's difficult, if you get an AutoCAD file do you spin up AutoCAD inside a sandbox? (Not saying that AutoCAD files are at risk of carrying malware).
Considering GCHQ are supposed to be good at this kind of thing, I imagine the place is on fire and mandatory anti-phishing training is being drilled into everyone on site…
A component of my work is phishing and security awareness training. Training is important, but a well crafted attack is unlikely to be defended against by your median human. It only takes once to not inspect headers or DMARC indicators if the message is questionable. You need technical controls to do a lot of the lifting (secure authenticators negating credential exfiltration, aggressive malware detection, etc). We need better tools to detect and quarantine code transiting email that should not be executing. This is interestingly a similar problem to what providers of function running systems (lambdas and low/no code SaaS) face when executing arbitrary code as part of customer requests (sandbox, security observability and boundaries, etc).
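Added example (not code from anyone in this thread) of two of the technical controls the comment above wants mail systems to do for the user: reading the DMARC/DKIM/SPF verdicts the receiving MTA stamped into Authentication-Results, and flagging attachments that are executable content before a human ever sees them. Only the standard library is used. The MTA identity `mx.example.net`, the domains, and the three sample messages are all constructed for the example; only Authentication-Results headers carrying our own MTA's authserv-id are trusted, since an attacker can add that header themselves.

```python
"""Inbound mail triage: DMARC verdict check plus executable-attachment check.
Constructed example; AUTHSERV_ID and all sample messages are made up."""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed identity of our own receiving MTA. Authentication-Results headers
# stamped by anyone else (including one an attacker adds) are ignored.
AUTHSERV_ID = "mx.example.net"

# File types Windows will run, or that carry macros, when a user opens them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk",
                   ".docm", ".xlsm", ".pptm"}
PE_MAGIC = b"MZ"  # start of every Windows PE image, checked regardless of filename


def parse_auth_results(msg, authserv_id=AUTHSERV_ID):
    """Return {method: result} from Authentication-Results headers our MTA stamped.

    Header shape (RFC 8601): 'authserv-id; method=result [props]; method=result ...'.
    """
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        clauses = [c.strip() for c in str(header).split(";")]
        if clauses[0].split()[:1] != [authserv_id]:
            continue  # not ours: forged, or from an upstream hop we do not trust
        for clause in clauses[1:]:
            method, sep, rest = clause.partition("=")
            if not sep:
                continue
            tokens = rest.split()
            verdicts[method.strip().lower()] = tokens[0].lower() if tokens else ""
    return verdicts


def risky_attachments(msg):
    """Return (filename, reason) for each attachment that is executable content."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # message body, not an attachment
        name = name or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix  # last suffix: 'timesheet.pdf.js' -> '.js'
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, f"executable extension {ext}"))
        elif payload.startswith(PE_MAGIC):
            findings.append((name, f"PE executable disguised as {ext or 'no extension'}"))
    return findings


def triage(raw):
    """Return ('deliver' | 'quarantine', reasons) for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    dmarc = parse_auth_results(msg).get("dmarc", "missing")
    if dmarc != "pass":
        reasons.append(f"dmarc={dmarc}")  # a real deployment tunes this for dmarc=none
    for name, why in risky_attachments(msg):
        reasons.append(f"attachment {name}: {why}")
    return ("quarantine" if reasons else "deliver"), reasons


def build_sample(auth_headers, filename, content, mime_type):
    """Construct a test message (not real mail) the way an MTA would hand it on."""
    m = EmailMessage()
    m["From"] = "payroll@example.org"
    m["To"] = "staff@example.net"
    m["Subject"] = "Updated timesheet"
    for value in auth_headers:
        m["Authentication-Results"] = value
    m.set_content("Please review the attached file.")
    maintype, subtype = mime_type.split("/", 1)
    m.add_attachment(content, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()


GOOD_AUTH = (f"{AUTHSERV_ID}; spf=pass smtp.mailfrom=example.org; "
             "dkim=pass header.d=example.org; dmarc=pass header.from=example.org")
BAD_AUTH = (f"{AUTHSERV_ID}; spf=fail smtp.mailfrom=example.org; "
            "dkim=none; dmarc=fail header.from=example.org")
FORGED_AUTH = "mx.attacker.example; dmarc=pass header.from=example.org"  # attacker-added

if __name__ == "__main__":
    samples = {
        "clean pdf": build_sample([GOOD_AUTH], "timesheet.pdf", b"%PDF-1.7\n", "application/pdf"),
        "script, double extension": build_sample([FORGED_AUTH, BAD_AUTH], "timesheet.pdf.js",
                                                  b"var x=1;", "application/octet-stream"),
        "exe renamed to pdf": build_sample([GOOD_AUTH], "timesheet.pdf",
                                           b"MZ\x90\x00" + b"\x00" * 60, "application/pdf"),
    }
    for label, raw in samples.items():
        print(label, "->", triage(raw))
```

The point of checking the authserv-id is that Authentication-Results is just a header: unless the edge MTA strips any copy that claims to be from it and stamps its own, a sender can write `dmarc=pass` into the message themselves. The magic-byte check covers the case the extension check misses, a PE renamed to `.pdf`, which is exactly the "code transiting email that should not be executing" the comment describes.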
Cloudflare makes this browser which is just a video stream of a browser running on a remote machine. Seems like a brilliant (but expensive) workaround for opening emails on devices connected to sensitive networks.