According to most reports, the amount of email spam is diminishing.

Experts credit the takedown of massive botnets like Rustock, a more educated user base and advancements in spam fighting technologies for this trend. However, even though one of the most annoying, and troublesome, threats to email accounts is on a downswing it doesn’t mean for one second that email is no longer a part of the IT infrastructure that is vulnerable to threats.

Understanding the different ways cyber criminals and script kiddies can use vulnerabilities in email clients and servers to attack a system will help any email administrator keep email services running smoothly, and the entire infrastructure safe from a great number of exploits that can do some serious damage. Continue reading Addressing Three Major Email Threats

For those of you who haven’t heard of Loggly, Loggly is cloud based service for complete application intelligence for app developers.  Loggly uses log data to collect, analyze, troubleshoot and monitor your applications. They are a heavy user of Amazon’s Web Service hosting, and recently experienced a truly stellar outage of massive proportions. You can read about that on a Loggly blog post here which I encourage you to do. However, I am not here to talk about lessons learned about hosting and availability, and putting eggs in consolidated baskets. Nor am I planning to talk about on premise versus hosted, and the perceived dangers of the cloud. It’s what happened to Loggly and how they went unaware of the impending freight train heading their way that I want to discuss, because there are some great lessons to learn from that little subset of their blog post. Continue reading Lessons Learned from the Loggly Outage

Every year, the Online Trust Alliance publishes its Online Safety Honor Roll and Scorecard to measure the adoption of security measures across the Internet.

Basically, it is a report card of measuring the steps public and private companies, as well as government agencies, are taking towards cyber security.

This year email made some promising gains when it comes to authentication. Continue reading Email Authentication More Important Than Ever

So you have been tasked with securing your organization’s email services.

There are quite a few guides available on the Internet and in different computer bookstores that can take you through the basics – and if you are ahead of the game you may have already done your homework. Continue reading Secure Your Desktop – Protect Your Email

Advanced persistent threats make email security a necessity

Most email administrators consider security to be a large part of what they do. With so many laws and regulations governing the storage, discovery and retrieval of email messages, security has become a second job to many.

Unfortunately, many administrators either forget, or simply aren’t aware, that securing email requires much more effort than hardening the email servers against attack. In order to fully protect your organization’s email and their contents the mailbox also needs to be defended. Especially when you consider how popular Advanced Persistent Threats are becoming with large cyber crime syndicates who use email not only as a way to harvest sensitive information, but also as a method of attack through phishing and social engineering. Continue reading Tips for Better Email Security

It is never good news to have servers compromised by hackers or corporate espionage.  Given the finite resources of any company however, the open secret is that not every computing node on the network can be equally well-protected.  As it is, priorities are often heavily skewed towards protecting servers running crucial Enterprise Resource Planning (ERP) or Customer Relationship Management (CRM) services, or publicly accessible Web servers.

What many businesses do not realize is how the humble email server is often overlooked and left under protected.  Yet it remains a front-facing server due to its location on the Internet, or in the DMZ that demarcates the Internet from the relatively safe harbor of the company intranet.

I want to highlight five repercussions of a hacked Exchange Server account today so as to illustrate the importance of ensuring that your Exchange Server is patched in a timely manner, as well as the need to ensure that adequate best practices and security defenses are put in place.

Continue reading 5 Repercussions of a Hacked Exchange Server Account

While the Oak Ridge National Laboratory’s may be famous for its role in the Mahanttan Project, recent cyber attacks have brought the Department of Energy’s research center back into the news again. According to Barbara Penland, a spokesperson for the lab, Internet service and access to external email was brought down by the lab as part of preventative measures to secure the network’s sensitive data against a spear phishing attack launched against the lab on April 7^th.

The attack targeted lab employees disguised as a message sent by the Human Resources Department that contained a link exploiting a vulnerability in Internet Explorer. Microsoft has claimed that this vulnerability was fixed on April 12^th, one day after Oak Ridge noticed the attack against them.

Continue reading What we can Learn from the Oak Ridge Attack

Recently a couple of phishing emails arrived at my inbox at the education institution where I teach.  Both messages were deleted without a second thought, though I realized later that one of the phishing mails could have fooled me – had it been relevant.  Purporting to be from the institution’s IT department, the offending email was exceedingly well-written and talked about how a shared storage resource had been scheduled to be taken down for routine maintenance soon.  Users were asked to visit a shortened URL link (helpfully provided, of course) to let the technical team know if they want a data backup of their folders done.

I have no idea where the proffered link leads to; though I assumed that it would have tried to obtain users’ usernames and passwords at a minimum.  As you can imagine, even having a fraction of users fall for such a ploy would be nightmarish, more so for an Exchange server that is administratively joined to a domain – a successful phishing attempt is all it takes to compromise an account across the entire domain.

So while not typically tagged as the duty of an email administrator, are there any strategies that administrators can employ to better defend against phishing attempts?  I thought about it, and came up with a number of suggestions.

Continue reading 4 Ways Email Administrators can Protect their Users from Phishing

Most of us have received emails asking us to click on a link and confirm our account information by typing in our personal financial information such as a credit card account number. Later we find out that we’ve been scammed and that our information was used so that someone else could rack up hundreds of dollars in purchases, maybe even thousands of dollars.

Our immediate thoughts are that we hope they catch the criminals who have now enjoyed a spending spree at our expense. We picture the police breaking down the doors of the living domains of these criminals, catching them while they enjoy their falsely purchased electronic gear or perhaps while they are out enjoying some fine dining at an upscale restaurant that we would never spend money on for ourselves.

The truth of the matter is that most phishers are not living lifestyles of the rich and famous, are not dining on lobster tails nor are they watching March Madness from arena box office seats and spending hundreds of dollars in pricey meals each day.

Continue reading Phishers Not Getting Rich

Last month, many users of  Google’s GoogleChat service found themselves preyed upon as potential victims to the ViddyHo worm phishing scam. The phishing scam was using a come-on approach and sent messages to some users of the online chat service from someone appearing to be one of their contacts. Although the latest phishing scam was using a chat service there is always the potential for such phishing scams to resurface through email.

In this case the scammers used the traditional bait of prompting a user to click on a link from tinyurl.com, a service that shrinks URLs for easy sharing on sites like Twitter. Victims were then directed to the ViddyHo Web site where they were asked for their Google login information. Once the user had “logged in” they unwittingly opened up their contact list for the worm to spread.

This is old advice but is worth repeating: verify and confirm links sent to you from people you know before you click on the links. The names listed in the “To” field, although familiar to you, may not have really sent the email messages. I’ve discussed in previous posts the importance of authenticating the users who have sent you email and the use of certificates of authenticity – are they really who they say they are?

Continue reading ViddyHo Phishing Scam