My recent posts have discussed identifying commonalities in new occurrences of spam, and concerns to keep in mind regarding indirect attacks using email as a vector. A strong perimeter defense and solid virus protection, along with an effective anti-spam solution can lull us into a false sense of security. The seemingly constant stream of unwanted mail begins to look like little more than an annoyance and not a continuing threat. In this post let’s examine technically other methods of attack, how to recognize them, and ways and means to defend against them.

Attacks against email servers, systems, and infrastructure are in many ways similar to attacks against other Internet-facing services, but are different in several important ways. Just as a concerted attack that brings down your Web servers stops communication with customers, vendors, and others on the Internet, the same is true for email communication attacks.

Continue reading Email Attacks and Defense Against Them

In an interesting case showing just how powerful email can be, an Israeli snack company had its stock plummet after an HP employee sent a malicious email to thousands claiming their “Bamba” brand snack was linked to several infant deaths. The claim was false but the damage was already done:

 

In less than three days, the email was sent to tens of thousands of people, and was featured in numerous internet forums. The content of the email was also disseminated by SMS and word of mouth. In parallel, company workers entered various parenting and childcare forums online, clearly identifying themselves as belonging to Osem’s customer-service department, and reassuring surfers that Bamba was safe.

At least some damage had already been done. The e-mail sent Osem stock spiraling south, falling as much as 6% before rallying to close only 1% lower, on enormous turnover - for Osem – of NIS 27 million. 

Continue reading Malicious Email Causes Company’s Stock to Plummet

Microsoft released its Security Intelligence Report this week, providing some interesting insights into vulnerabilities and security trends. According to the report, several common operating systems have dropped. Much of that can be attributed to the general trend among attackers to target applications themselves, rather than the OS, a trend that has been noted by several security vendors who have focused more recently on application-based security.

The 150-page report said that over 90 per cent of the flaws reported were application-based.

The report covers the first half of the year, and discovered that the total number of vulnerabilities has been consistently falling. On the downside, the report notes that although reported vulnerabilities have decreased, the number of high-severity issues increased.

Continue reading Microsoft’s Security Intelligence Report Highlights Email Threats