Email: An open door to sophisticated security threats
Email was once a straightforward vehicle that, contrary to design, became a vector for viruses, trojans and spam. etc. Now, of course, it's a virtual open door exploited by individuals, organized groups of malware authors and cybercriminals to deliver sophisticated and stealthy security threats, which take up residency on desktops and establish extensive strongholds on corporate networks. Just how open is the email door to security threats? Can one easily sweep the front steps to ensure that computer users avoid unknowingly inviting malware in – to become the unwanted guest who just won't leave unless pushed out?
These “houseguests” – some invited and others appearing unannounced – travel far and wide, and bring with them unique offerings.
There are botnets, which have matured from simple command-and-control channel structures for malware, becoming architectures that are more discreet and dangerous, difficult to halt, and possess much-improved agility and functionality.
There's the ever-present spam nuisance that exploits a variety of technologies and easily avoids traditional defenses. Spam often leaves behind a mountain of junk mail, like the well-known stock pump-and-dump and advanced-fee fraud campaigns, while delivering a variety of security “gifts.”
The volume of spam has remained relatively stable over the years, but new and previously unknown sources have surfaced with sophisticated attacks that traditional anti-spam software and appliances, nor traffic management controls can easily stop.
How about the mischief-making “houseguests” who tap their friends to join forces? Rather than attaching malware to an email, they include links to malicious websites that host the malware code.
These sneaks also love their social and peer-to-peer networks. With the abundance of readily available information including personal and business email addresses, these networks are like a well-stocked refrigerator ready to serve up a weekend of fun and excess. Combine personal data easily gleaned from social networking sites with information appearing on corporate websites, and these houseguests drop on the sofa, put their feet up, and design personal attacks.
Guests will come from various locales, across many countries, and bring along luggage full of new “treats” – sophisticated phishing expeditions that will exploit VoIP technology, rock phishing plus fast-flux that will enable phishing sites to remain undetected for weeks, new sophisticated spam techniques, and viruses spread through email that contain hyperlinks and executable attachments. These “guests” fixated on cybercrime, are establishing themselves as an interconnected network of groups that offer different “gifts” at different price points.