IT managers are working hard to combat the increasing volume of malware attacks on their enterprises. These attacks are also becoming progressively more sophisticated. As a result, the risks of them causing damage to the business are greater than ever before.
The majority of threats that reach a company do so through the mail server. There are several reasons for this trend:
- The enterprise’s mail service is the most frequently used communication channel across the Internet
- An e-mail is easy to access and manipulate
- The SMTP mail protocol is simple and can be emulated by any Internet user
- Many confidential company communications are still transmitted using e-mail
- Firewall-type corporate security devices do not filter the SMTP traffic that reaches e-mail servers
- Mail directories often include highly sensitive corporate information, such as organizational charts, key functions, directories with strategic information, etc.
- The mail service is a channel for mass infection, via worms and Trojans that replicate from each infected computer by reading the mail lists stored on that host and sending themselves to every address found.
E-mail has become an indispensable tool in business management and even in personal relations, all but replacing traditional means of communication. But as with any widely implemented tool, it is susceptible to being used deliberately in ways that are detrimental to the users of the mail service. One such negative use of e-mail services is spam. Mass mailing has proven to be a powerful, low-cost marketing tool. Spammers are able to get very quick returns, receiving payment for the number of mails that they send across the Internet. This has caused an avalanche in the development of this type of mail, reaching exorbitant figures in some countries. According to the Messaging Anti-Abuse Working Group (MAAWG), 82-87% of all incoming e-mail is currently categorized as spam or "abusive e-mail".
Spam is a nuisance at a personal level, as it has to be handled (opened, read, deleted) and clearly has a huge financial impact, due to the costs of processing large volumes of useless mail by the company. All of the time used by employees (users, IT administrators, etc.), as well as the use of server and communication resources, represent significant costs to the enterprise.
In addition to increased costs, spam slows down communication systems. When the mail server is forced to process large volumes of junk e-mail, it is clearly detrimental to its ability to process useful mail. Unfortunately, spam is growing in frequency every year, with an increasing number of spammers generating ever more junk mail. This means there is a growing need for tools that can effectively filter and eliminate this type of mail.
The Mail Server – A Critical Vulnerability
E-mail traffic is based on the SMTP protocol, which offers little or no reliable safeguard for exchanging information between two nodes over the Internet. In addition, the protocol is easily emulated: any Internet node (a simple PC) can generate SMTP traffic with no intention of sending mail, but simply to saturate a server.
Corporate firewalls cannot block mail traffic, since e-mail is a fundamental channel for the company's communications. For this reason, spammers know it is the ideal channel for sending all types of viruses and malware (spyware, hoaxes, phishing, etc.) to the unsuspecting enterprise. The following sections examine some of the attack scenarios that can be clearly detrimental to users of a mail service.
Denial of Service (DoS) Attacks
An attack on a mail server can involve the massive sending of connection requests to the server. Large volumes of traffic are thus generated (frequently from different sources) without a single e-mail being sent. The server can respond in several different ways:
- Option A: Not respond to communication requests aimed at mail addresses not registered in the mail server
- Option B: Respond with an error message to the sender
- Option C: Return a message that the server is busy
If the mail server takes Option A, it is applying a policy that affects malicious mail, but also potentially useful mail in which the sender has, for example, mistyped the address.
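The traffic pattern described above, many connections from one source with no message ever delivered, is visible in the mail server's own logs, and a sliding-window count per client address is a simple way to surface it. The following is an added example written for this page, not code from the original document or from any mail-server product. The log format it parses (timestamp, client IP, event, detail) and the sample lines are constructed for the example; real server logs (Postfix, Exchange, etc.) use their own formats and need a matching parser. The window of 10 seconds and the threshold of 20 connections are assumed values to be tuned to the server's normal load.

```python
"""Detect SMTP connection floods from server logs (sliding window per source).

Added example, not code from the original page. The log format below is
constructed for the example; real mail-server logs differ.
"""
from collections import defaultdict, deque
from datetime import datetime


def build_sample_log():
    """Constructed sample: one legitimate client that delivers a message,
    and one source that opens 40 connections in ten seconds, each probing
    a non-existent recipient and never sending a message."""
    lines = [
        "2024-05-01T09:00:00 198.51.100.7 CONNECT",
        "2024-05-01T09:00:01 198.51.100.7 RCPT accepted alice@example.com",
        "2024-05-01T09:00:02 198.51.100.7 DATA accepted",
        "2024-05-01T09:00:03 198.51.100.7 DISCONNECT",
    ]
    for i in range(40):
        ts = f"2024-05-01T09:00:{10 + i // 4:02d}"  # four connections per second
        lines.append(f"{ts} 203.0.113.5 CONNECT")
        lines.append(f"{ts} 203.0.113.5 RCPT rejected user{i}@example.com")
        lines.append(f"{ts} 203.0.113.5 DISCONNECT")
    return "\n".join(lines)


def parse_line(line):
    """Split one log line into (timestamp, client_ip, event, detail_tokens)."""
    ts, ip, event, *detail = line.split()
    return datetime.fromisoformat(ts), ip, event, detail


def detect_floods(log_text, window_seconds=10, max_connects=20):
    """Return {ip: peak number of connections seen inside any window_seconds
    span} for every source that exceeded max_connects in such a window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent CONNECT events
    peaks = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, event, _ = parse_line(line)
        if event != "CONNECT":
            continue
        q = recent[ip]
        q.append(ts)
        # Drop connections that have fallen out of the sliding window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_connects:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def summarize(log_text):
    """Per-source counts of connections, accepted messages and rejected recipients."""
    stats = defaultdict(lambda: {"connects": 0, "accepted": 0, "rejected": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, ip, event, detail = parse_line(line)
        if event == "CONNECT":
            stats[ip]["connects"] += 1
        elif event == "DATA" and detail[:1] == ["accepted"]:
            stats[ip]["accepted"] += 1
        elif event == "RCPT" and detail[:1] == ["rejected"]:
            stats[ip]["rejected"] += 1
    return dict(stats)


def connections_without_mail(log_text, min_connects=5):
    """Sources that connected repeatedly but never delivered a message:
    traffic volume without any e-mail being sent."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["connects"] >= min_connects and s["accepted"] == 0)


if __name__ == "__main__":
    log = build_sample_log()
    print("flooding sources:", detect_floods(log))
    print("no mail delivered:", connections_without_mail(log))
```

Counting connections rather than messages is the point: the flooding source in the sample never reaches DATA, so a detector keyed on delivered mail would miss it entirely. Feeding `detect_floods` a list of sources to rate-limit at the server or firewall is a narrower response than Option A, since it targets the sources generating the volume instead of every sender who mistypes an address.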