Actu
IceWarp Discovers New Sophisticated Spam Delivery Method
May 2013 by IceWarp
IceWarp has discovered a new sophisticated Spam delivery method hackers use to bypass most anti-spam defenses and attack computers worldwide, the global messaging and collaborations solutions provider announced today. According to the company’s security experts, the following pattern has emerged: hackers steal email addresses and passwords from the outside nodes, and use this combo to break into a corporate email system.
The recent IceWarp security situation analysis showed that the attackers are exploiting the fact that many users often choose the same password for their social media accounts and corporate email. That negligence opens wide opportunities for hackers even if they are able to get hold of just a few passwords. The recent hack of LivingSocial, a popular daily deals platform, showed that cyber criminals immediately applied stolen passwords to break into corporate email accounts.
“The email address is decomposed into two parts, where the domain part is used to lookup the mail server using its DNS MX record (publicly accessible), and the username authenticates that user to the server,” explained Antonin Prukl, IceWarp Technical Director. “Once intruders get access to server, they look into the IMAP folder for the recent emails sent by the account’s owner. Then they send spam to these email addresses from the same server.”
This tactics makes spam attacks extremely effective, since, in most cases, the hijacked sender is on the recipient’s server white list.
“There is nothing suspicious in getting an email from an “approved” sender,” notes Mr. Prukl. “Such spam delivery process is almost impossible to detect and stop.”
According to IceWarp security team, the only effective countermeasure – a part of strict password enforcement policy - is the technical capability to force users to change passwords at the first signs of such an attack.
“IceWarp administration features make password administration easy,” says Mr. Prukl. “All administrators have to do is to force users to change their password when they log on. This can be done with just a few mouse clicks.”
More information on IceWarp password policy enforcement capabilities can be found here: http://www.icewarp.com/support/online_help/11.0/Content/485.htm
IceWarp, which is considered one of the world’s most secure messaging platforms (its anstispam module is using 20 spam protection techniques) is offering special protection options to ward off sophisticated hackers not available from other vendors. One of them is a special trigger administrators can use to issue a company-wide warning and make user change their password once they log into the system. Additionally, the administrators can enforce the password strength, such as including letters, numbers and symbols.
