Unsolicited commercial email, or spam, represents a major impediment for many organisations, slowing down networks and impacting productivity. But that’s not all, because spam is also a recognised primary entry point for delivering malware such as ransomware and Trojans.
So, aside from the nuisance factor, spam represents a significant threat vector that needs to be taken seriously. And seasonal holidays are proving a clarion call for hackers to up their spam bombardment efforts with topical phishing scams designed to draw in unsuspecting recipients.
Seasonal and themed scams
Over the Christmas period, Barracuda Networks’ labs team noted a significant upsurge in malicious phishing email volumes, particularly fake retailer and courier confirmations.
And, in the run-up to Valentine’s Day, the BBC reported an uptick in criminals committing ‘romance fraud’, trawling through profiles to elicit information and better target ‘lonely hearts’.
Capitalising on holidays, other notable events like Black Friday, or trending news has become the modus operandi for criminal spammers. The research has also found that natural disaster events and even the death of celebrities can trigger a spike in themed spam.
If the public shows an interest in a topic, then the spammers get to work.
Spam attack mechanics: how it works
Having identified a topic, spammers will craft a message designed to appeal to the target market. If it is a phishing campaign aimed at the general public, employees may well be at risk.
Typical approaches include a well-constructed email that sets out to convince recipients to send money to a friend or colleague, or an email containing an embedded link that takes recipients to a site where they can make a legitimate purchase from someone looking to sell their details or use them for other purposes.
Other approaches put enterprise security at risk. These include spam emails that contain a malicious URL that takes recipients to a fake website hosting a malicious download or web form.
Other emails may be sent with a malicious attachment that, once opened, downloads malware that connects the computer to a botnet, encrypts files or installs a backdoor.
Spam security: first steps
IT professionals should regularly review their email security strategy and evaluate the current state of play. Is the infrastructure rigorously defended? Has the threat environment moved on in recent months? Has the enterprise appropriately adjusted its preparations to cope? Are users well informed and prepared to defend themselves?
When reviewing an email security strategy, use a quick checklist to break down this task:
· Email security gateway – check that an update or patch management programme is in place and that logs and alerts are regularly reviewed. For hosted email solutions, ensure that they have been configured to be as secure as possible.
· Endpoint anti-virus and anti-malware – ensure this is in place, updated and strengthened with real-time scanning.
· Disaster recovery – check that email archiving and backup processes are in place and operational.
Next, review the processes and procedures that are in place to inform and support users. It’s good practice to regularly remind users never to give out sensitive information, open strange attachments or click on links in suspicious emails. Use surveys or other methods to assess the overall skill level of users:
· Can they recognise suspicious emails – do they know the characteristics to look for when evaluating whether or not an email contains something malicious?
· Do they know what precautions to take if unsure of an email?
· Are they familiar with email security processes and procedures – do they know how to report spam or use a blacklist?
· Are they aware of the latest email tricks and threats?
Use this evaluation and discovery process to create an action plan to address identified gaps and potential weak spots.
Spam security: a step further
Spammers are constantly evolving their methodologies and approaches. So, implementing an ongoing awareness programme for users will help to ensure everyone stays up-to-date with the latest techniques and scams.
Regular emails or an intranet newsfeed can be highly effective at keeping staff informed of the latest threats and recommended responses.
Having undertaken a review of the current email security strategy, this is the ideal time to look ahead to the future.
Consider the scalability of existing solutions and the long-term sustainability of current security systems. If needs change, can the existing security infrastructure respond?
Having evaluated email backup and archiving procedures, move on to check actual email system recovery speeds; in the event of a disaster, would it be possible to restore messages and archives for all users?
Finally, going beyond simple spam and virus filtering may be the logical next step. With cyber criminals constantly upping their game and targeting enterprises of every scale and size, more advanced threat detection, pre-filtering, outbound protection, DoS protection and encryption capabilities are fast becoming security must-haves.
What’s in the pipeline?
Experience has told us that criminals will continue to look to exploit significant events throughout the year. The end of January was another hot spot of activity as people rushed to complete self-assessment online tax returns.
Meanwhile in the US, the tax-filing deadline of 15th April typically triggers a spike in spam volumes. These emails usually attempt to lure victims by promising tax rebates, tax forgiveness or even offers of employment in a tax processing related field.
Other approaches include threats related to failure to complete returns appropriately, or demands for unpaid taxes.
Looking ahead, with summer holiday bookings and Easter on the horizon, there’ll no doubt be a proliferation of unsolicited messages impacting network bandwidths and email system performance around these events.
Taking time to understand the existing e-mail security environment and maximise protection against spam and virus surges will be vital to ensuring the enterprise remains safe from this enduring threat.
Sourced by Wieland Alge, VP and GM EMEA at Barracuda Networks