Email: An open door to sophisticated security threats

Share this article:
Lysa Myers
Lysa Myers

Email was once a straightforward vehicle that, contrary to design, became a vector for viruses, trojans and spam. etc. Now, of course, it's a virtual open door exploited by individuals, organized groups of malware authors and cybercriminals to deliver sophisticated and stealthy security threats, which take up residency on desktops and establish extensive strongholds on corporate networks. Just how open is the email door to security threats? Can one easily sweep the front steps to ensure that computer users avoid unknowingly inviting malware in – to become the unwanted guest who just won't leave unless pushed out?

These “houseguests” – some invited and others appearing unannounced – travel far and wide, and bring with them unique offerings.

There are botnets, which have matured from simple command-and-control channel structures for malware, becoming architectures that are more discreet and dangerous, difficult to halt, and possess much-improved agility and functionality.

There's the ever-present spam nuisance that exploits a variety of technologies and easily avoids traditional defenses. Spam often leaves behind a mountain of junk mail, like the well-known stock pump-and-dump and advanced-fee fraud campaigns, while delivering a variety of security “gifts.”

The volume of spam has remained relatively stable over the years, but new and previously unknown sources have surfaced with sophisticated attacks that traditional anti-spam software and appliances, nor traffic management controls can easily stop.

How about the mischief-making “houseguests” who tap their friends to join forces? Rather than attaching malware to an email, they include links to malicious websites that host the malware code.

These sneaks also love their social and peer-to-peer networks. With the abundance of readily available information including personal and business email addresses, these networks are like a well-stocked refrigerator ready to serve up a weekend of fun and excess. Combine personal data easily gleaned from social networking sites with information appearing on corporate websites, and these houseguests drop on the sofa, put their feet up, and design personal attacks.

Guests will come from various locales, across many countries, and bring along luggage full of new “treats” – sophisticated phishing expeditions that will exploit VoIP technology, rock phishing plus fast-flux that will enable phishing sites to remain undetected for weeks, new sophisticated spam techniques, and viruses spread through email that contain hyperlinks and executable attachments. These “guests” fixated on cybercrime, are establishing themselves as an interconnected network of groups that offer different “gifts” at different price points.

Share this article:

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Unfair competition: Proactive preemption can save you from litigation

Unfair competition: Proactive preemption can save you ...

With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.