Tech pundits and vendors have been prematurely declaring the death of email for over a decade. However, email remains the dominant form of communication for businesses and individuals around the world despite its shortcomings. A Radicati Group report claims that businesses sent and received nearly 110 billion—with a “B”—emails per day in 2014, and contrary to rumors of its demise, email is expected to grow to as high as 140 billion per day by 2018.
With some sources claiming that as much as 80 percent of the email traffic around the world is spam, this means that up to 88 billion messages per day are unwanted junk mail. As if that isn’t bad enough, the Cisco 2015 Annual Security Report indicates that the volume of spam messages skyrocketed 250 percent between January and November of 2014.
How is it that spam remains such a huge threat to productive email communication after all these years? Attackers know that it is often easier to exploit users via email and use targeted campaigns to gain entry for more advanced attacks. The reality is that spam is a big business. Spammers have a vested interest in continuing to adapt and innovate to make sure their messages evade spam filters and reach the unsuspecting targets they’re intended for. Due to these trends, phishing and other spam tactics remain a valuable weapon and a persistent threat.
Snowshoe Strategy
Detecting and blocking massive floods of spam from a single source is simple. Most organizations have some technology in place capable of identifying a high volume of email originating from a single IP address and rejecting those messages as spam. Spammers know this as well, which is why they’ve come up with a new strategy to circumvent that detection: the “snowshoe” strategy.
A snowshoe enables someone to walk on the surface of snow rather than falling through with each step because it distributes the weight across a wider area. When it comes to spamming, the snowshoe strategy takes a similar approach—spreading the attack across a more diverse range of IPs and avoiding broadcasting too many emails from a single source to make sure no red flags are tripped.
In a recent snowshoe spam campaign, Cisco Security Research observed a campaign that took place over just three hours, but at one point accounted for 10 percent of global spam traffic.
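The contrast between per-source volume checks and a snowshoe campaign can be shown with a short added example (not from the original article or from Cisco). It assumes each inbound message already carries a content fingerprint computed upstream, for instance a hash of the normalized body; the thresholds, function names and sample events are all constructed for illustration.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 100       # assumed: messages per window from one IP before flagging
CAMPAIGN_MIN_IPS = 50    # assumed: distinct senders sharing one fingerprint
CAMPAIGN_MIN_MSGS = 200  # assumed: total messages sharing that fingerprint

def per_ip_flags(events, limit=PER_IP_LIMIT):
    """Classic check: flag any single IP that exceeds the volume limit."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n > limit}

def snowshoe_campaigns(events, min_ips=CAMPAIGN_MIN_IPS, min_msgs=CAMPAIGN_MIN_MSGS):
    """Group by content fingerprint instead of source and flag fingerprints
    sent from many distinct IPs, each of which may stay under the per-IP limit."""
    senders = defaultdict(set)
    totals = Counter()
    for ip, fingerprint in events:
        senders[fingerprint].add(ip)
        totals[fingerprint] += 1
    return {
        fp: (len(senders[fp]), totals[fp])
        for fp in totals
        if len(senders[fp]) >= min_ips and totals[fp] >= min_msgs
    }

def build_sample():
    """Constructed (ip, fingerprint) events for one time window."""
    events = [("198.51.100.7", "fp-flood")] * 500            # single-source flood
    for i in range(300):                                     # snowshoe: 300 IPs x 3 msgs
        ip = f"10.0.{i // 250}.{i % 250 + 1}"
        events += [(ip, "fp-campaign")] * 3
    for i in range(40):                                      # ordinary senders
        events += [(f"192.0.2.{i + 1}", f"fp-legit-{i}")] * 5
    return events

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP flags:", per_ip_flags(sample))
    print("campaigns (distinct IPs, messages):", snowshoe_campaigns(sample))
```

In the constructed window the per-IP check catches only the flood, while the fingerprint grouping surfaces the 900-message campaign whose senders each sent three messages.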
Effective Defense
Blocking spam isn’t rocket science per se, but it is an ongoing struggle even though most of the best anti-spam systems block up to 99.9% of spam. Effective spam defense requires evolving tools and processes to stay a step ahead of new and innovative spam techniques – like the snowshoe strategy – that make up the 0.1% of attacks still getting through.
Email gateways are the obvious point at which to identify and block spam, but this alone is not enough. Email gateways will give incoming messages a simple “pass / fail” based on a single point in time. Spammers only need to figure out how to outsmart the email gateway once in order to overrun the network with spam.
Many organizations use a layered defense composed of multiple tools from a variety of vendors that check and block spam at different points throughout the network. This is a more effective approach, based on the idea that spam missed by one tool will be blocked by the next. However, this approach also introduces some significant challenges. There can be duplication of effort between various spam-blocking tools and unnecessary complexity for IT admins trying to manage and correlate various tools from multiple vendors.
For truly effective protection against email threats, a multi-layered approach using diverse tools—and with a single, unified management console—is the best solution. You get the benefits of the layered defense, but with an integrated system of tools and simplified administration. An integrated solution can provide visibility and control across the entire attack continuum – before, during and after an attack – and offer the broadest set of enforcement and remediation options.
Regardless of what tools you use, the most important thing is to understand there is no “silver bullet” solution. Spammers will be working diligently to find new ways into your inbox, and it’s imperative that you continue to adapt as well to stay one step ahead of the deluge of unwanted emails.