In October 2013, 153 million Adobe accounts were breached, each containing a clear-text email address for the customer. The password cryptography was poorly done and many passwords were easily decrypted as well. Because the activation and licensing of Adobe’s suite of products requires a valid account on Adobe’s servers, cyber criminals quickly identified these as valid email addresses, and a plethora of phishing emails and spam soon followed.
In light of incidents like this and the availability of large databases of valid email addresses, there is an urgent requirement to protect legitimate email accounts from the virus-infected and malicious-link phishing emails that cyber criminals send out by the millions. Indeed, when it comes to this kind of attack, cloud-based email protection services can provide more than just anti-spam capabilities and content filtering features.
Of particular interest is the importance of filtering the common business email accounts like firstname.lastname@example.org; ap (accounts payable); ar (accounts receivable); hr (human resources) and of course email@example.com. It’s even better when these accounts are distribution lists to multiple internal email addresses. Even if you’re sceptical of the cost of protecting everyone’s email inbox, putting protection in place for your company’s generic email accounts is a “quick win” to reduce spam volumes and phishing emails.
One of the key advantages of a hosted email protection service is that it sits in front of the mail infrastructure, restricting the IP addresses of the connecting email servers. Pointing your mail exchange (MX) records at the hosted service for scanning, and then configuring your email server and firewall to accept connections only from the hosted protection service, provides robust protection against email threats. This configuration ensures that only email that passes through the scanner is sent to your on-premise email server.
This configuration also allows the hosted email protection service to monitor the volume of messages originating from your on-premise email server. A sudden spike in the number of sent messages could indicate a major problem inside the host network.
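The lock-down described above only holds if no MX record and no firewall rule lets mail reach the on-premise server without passing the scanner. The following audit is an added example, not code from the original article; the provider host suffix, provider IP ranges, MX records and firewall rules are all constructed sample values using documentation address space.

```python
import ipaddress

# Constructed sample data: hypothetical provider and company names.
PROVIDER_MX_SUFFIX = ".mailfilter.example"
PROVIDER_NETS = ["192.0.2.0/24", "198.51.100.0/25"]

MX_RECORDS = [
    (10, "mx1.mailfilter.example"),
    (20, "mx2.mailfilter.example."),
    (50, "mail.corp.example"),        # backup MX pointing straight at the on-premise server
]
FIREWALL_RULES = [
    {"action": "allow", "src": "192.0.2.0/24", "port": 25},
    {"action": "allow", "src": "198.51.100.0/24", "port": 25},  # wider than the provider's /25
    {"action": "allow", "src": "0.0.0.0/0", "port": 25},        # leftover "any" rule
    {"action": "allow", "src": "0.0.0.0/0", "port": 443},       # not SMTP, ignored
]

def audit_mx(mx_records, provider_suffix):
    """Return MX hosts that would deliver mail around the hosted scanner."""
    bypass = []
    for _priority, host in mx_records:
        name = host.lower().rstrip(".")   # tolerate a trailing root dot
        if not name.endswith(provider_suffix):
            bypass.append(name)
    return bypass

def audit_smtp_rules(rules, provider_nets):
    """Return sources of inbound SMTP allow rules not fully inside the provider ranges."""
    allowed = [ipaddress.ip_network(n) for n in provider_nets]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] != 25:
            continue
        src = ipaddress.ip_network(rule["src"])
        # A rule is safe only if its whole source range sits inside one provider range.
        inside = any(src.version == net.version and src.subnet_of(net) for net in allowed)
        if not inside:
            findings.append(rule["src"])
    return findings

if __name__ == "__main__":
    print("MX records bypassing the scanner:", audit_mx(MX_RECORDS, PROVIDER_MX_SUFFIX))
    print("Over-broad SMTP allow rules:", audit_smtp_rules(FIREWALL_RULES, PROVIDER_NETS))
```

A low-priority backup MX and a rule that is slightly wider than the provider's published range are the two gaps this check is meant to surface, since either one re-exposes the mail server to direct connections.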
Why is this important?
One of the ways cyber criminals break into your company is by connecting to your email server directly. This is where IP address restrictions show their value: they limit the list of hosts allowed to connect to an on-premise mail server. This network reconnaissance technique of direct connection is almost completely thwarted by a defence-in-depth strategy.
Since cyber criminals are unable to connect directly, it will be impossible for them to know which email server software you run. That makes it very difficult to find vulnerabilities to exploit. This issue is important if older versions of Exchange are being run on older hardware with limited capacity.
Running a hosted mail protection service makes a lot of sense to defeat some of the most common attacks in use by cyber criminals, such as those listed below.
Increasingly, email has become “the” critical business service, but our own systems support the worldwide statistics claiming that almost 70% of email traffic worldwide is spam or malicious (see graph below). In 2014 the percentage of spam in email traffic is forecast to remain roughly the same. Among malicious attachments there is growth in malware (or links to malware) designed to steal confidential data, especially passwords and logins for social networking sites and, of course, banking systems.
We can infer that the threat of malicious attachments, and increasingly of malicious web links, is a danger to anyone receiving and sending email, and that accounts for almost every business in the Internet-connected world.