Spam filters are not generally considered a security measure but as spam traffic increases, they may find correspondingly greater effectiveness in that capacity. It seems that every week, another major company is in the headlines after being hacked. Sometimes these intrusions cost them fortunes, as in the case of the recent $45 million bank heist, and sometimes it just embarrasses them, as in the case of The Onion. Whether the price is $45 million, or a slice of humble pie, one thing is for certain: nobody wants to be hacked. Another, less discussed near-certainty is that somebody either within or close to, the hacked company experienced first-hand the magic of social engineering.
This science was first explored by the esteemed Kevin Mitnick, in his 2005 seminal treatise, “The Art of Intrusion”, and has been expanded and refined to such an extent that it is now responsible for the initial breach in the vast majority of cyber-crimes that are committed today. A particular ploy in the social engineer’s toolbox keeps surfacing in the subsequent investigations of nearly all of the high-profile breaches of the past several years, and that is the “spear-fishing” attack. This is generally accomplished with an email which contains enough personal information about its recipient to be convincing, and which induces them to click on a link contained in its text.
Once someone clicks on that link, the hacker may already have what he wants, as there are methods of attack involving browser “cookie” thefts or embedded JavaScript code which are completed as soon as the link is clicked. Most often though, the prize is a set of user credentials, a user name and password, for a particular site that the hacker plans to attack later, and in these cases, the victim is directed to a page that seemingly belongs to the site to be attacked, but is really owned by the hacker. Entering valid credentials at one of these pages will allow the hacker to bypass the first line of defense at the target site, an advantage which he will exploit and escalate until he ultimately obtains “root” access, at which point it is “game over” for the server.
Installing spam filters in a company’s mail system is a simple and effective method of reducing this danger, and will eliminate the vast majority of the malicious emails and their embedded links before they even reach anyone’s inbox. While nothing can guarantee protection against a well-engineered, targeted attack, reducing the overall volume of email in which those spear-fishing attempts obscure themselves not only reduces the time wasted in deleting them manually, but diminishes the enormous amount of mail that users must sometimes analyze to detect that more dangerous variety. Of course the safest policy is to refrain from ever clicking on email links, but when that is impractical, this volume reduction can be the determining factor in whether or not a company is successfully infiltrated.
If you would like more information about this issue and its mitigation, or any other cyber-security related concerns please contact us.