In October 2013, 153 million Adobe accounts were breached, with each containing clear text email addresses for their customers. The password cryptography was poorly done and many passwords were easily decrypted as well. Since the activation and licensing of Adobe’s suite of products requires a valid account on Adobe’s servers; cyber criminals quickly identified these as valid email addresses and a plethora of phishing emails and spam soon followed.
In light of incidences like this and the availability of large databases of valid email addresses, there is an urgent requirement to protect legitimate email accounts from the virus-infected and malicious link phishing emails cyber criminals send out by the millions. Indeed, when it comes to this kind of attack, cloud-based email protection services can provide more than just anti-spam capabilities and content filtering features.
Of particular interest is the importance of filtering the common business email accounts like [email protected]; ap (accounts payable); ar (accounts receivable); hr (human resources) and of course [email protected] It’s even better when these accounts are distribution lists to multiple internal email addresses. Even if you’re sceptical of the cost of protecting everyone’s email inbox; putting protection in place for your company’s generic email accounts is a “quick-win” to reduce the spam volumes and phishing emails.
One of the key advantages of a hosted email protection service is that it sits in front of the mail infrastructure restricting the IP addresses of the connecting email servers. Configuring your mail exchange (MX) records to send mail to the hosted service for scanning, and then configuring your email server and firewall to only accept connections from the hosted protection service provides robust protection against email threats. This configuration ensures that only email that passes through the scanner is sent to your on-premise email server.
This configuration also allows the hosted email protection service to monitor the volume of messages originating from your on-premise email server. A sudden spike in the number of sent messages could indicate a major problem inside the host network.
Why is this important?
One of the ways cyber criminals break into your company is by connecting to your email server directly. Clearly you can see the value of IP address restrictions on limiting the allowed list of connectors to an on-premise mail server. This network reconnaissance technique of direct connection is almost completely thwarted by a defence-in-depth strategy.
Since cyber criminals are unable to connect directly, it will be impossible for them to know which email server software you run. That makes it very difficult to find vulnerabilities to exploit. This issue is important if older versions of Exchange are being run on older hardware with limited capacity.
Running a hosted mail protection service makes a lot of sense to defeat some of the most common attacks in use by cyber criminals, such as those listed below.
1. Buffer overflows
Buffer overflows will happen if an on-premise email server is hit with large quantities of data. A hosted email protection service is almost infinitely scalable to meet high load demands.
Malicious attachments and malicious web links are frequently sent via email to business users. Hosted email protection solutions quarantine these emails before they are delivered to the on-premise email server.
3. Mail flooding outbound and inbound
Large volumes of inbound email are processed and filtered before being passed on to the on-premise email server; this saves the bandwidth and processing capability of the email server for legitimate email traffic. Outbound email floods are easily detected from a possibly compromised or misconfigured device.
4. Denial of Service (DoS)
The arrival of large volumes of email over a limited-bandwidth DSL or Cable Modem connection will degrade all external hosted services and render other Internet services, such as VPN or Remote Desktop, unusable.
Increasingly, email has become “the” critical business service, but our own systems support the worldwide statistics claiming that almost 70% of email traffic worldwide is spam or malicious (see graph below). In 2014 the percentage of spam in email traffic is forecasted to remain roughly the same. Among malicious attachments there is growth in malware (or links to malware) designed to steal confidential data, especially passwords and logins for social networking sites and, of course, banking systems.
With statistics like this from our own systems, we can infer that the threat of malicious attachments, and increasingly malicious web links is a danger to anyone receiving and sending email – that accounts for almost every business in the Internet-connected world.
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.
You can follow Ian on Twitter® at @phat_hobbit.
To find out how MAX Mail can help with your email security needs, download our free MAX Mail Email Security Guide