Earlier this week CBR spoke to Jim Wilson, head of research at Bloxx. Bloxx is a web content filtering and security firm, and Wilson offered some invaluable advice for anyone looking to protect their business from the dangers of spam email...
Does spam still represent a 'serious' threat to the average user and businesses?
I'm not sure that spam in itself has really ever been a serious threat to the "average user"; it should only be a nuisance to most. It is only when we get to the sub-categories of spam like phishing and viruses that we start to get into areas where the "average user" is at risk.
Phishing has become a lot more sophisticated over the last few years, with most spammers now creating websites that are identical to the login pages of systems for banks and other financial systems, or sometimes even online games or shops. These emails and associated websites can be very difficult for the recipient to tell from the real thing, with some now trying to get round two-part authentication by attempting to get recipients to install "special" apps on their mobile phones to allow the interception of messages from the authentication services.
Businesses have a much more complex relationship with spam. The simplest problem is time wasted by employees as they filter through the various spam messages looking for the important business messages.
A bigger problem for businesses is when an organisation's email server is badly configured. For example, if an email server is configured to notify the sender that the email has been rejected, then an email received from a spoofed sender address will result in the real address getting the rejection message along with the original spam message. For example, if a spammer uses firstname.lastname@example.org as the sending email address, then email@example.com will receive the notification email from the server. This is not as prevalent as it used to be but can still cause problems.
An even bigger problem is where the organisation's server is compromised and starts to send bulk spam emails or emails with links to phishing or viruses which damages the reputation of their email system causing other businesses to reject their important email as spam. This can cause the server to be blacklisted, can damage the organisation's reputation and can take quite a bit of effort to clear up.
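The misconfiguration Wilson describes above is usually called backscatter: the server accepts a message, discovers later that the recipient does not exist, and mails a non-delivery report to the forged envelope sender. The following toy simulation is an added example (not code from Bloxx or from the interview) contrasting that accept-then-bounce behaviour with rejecting the unknown recipient during the SMTP dialogue, where the error goes only to the connected sending host. The MTA model and all addresses (victim@example.org, nobody@example.com) are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    envelope_from: str   # MAIL FROM: trivially forged by a spammer
    rcpt_to: str         # RCPT TO: the address on the receiving server
    body: str


@dataclass
class Mta:
    """Toy receiving mail server; local_users is the only valid recipient list."""
    local_users: set
    reject_at_smtp_time: bool                     # the configuration choice under discussion
    queue: list = field(default_factory=list)     # accepted, not yet delivered
    outbound: list = field(default_factory=list)  # mail this server sends out itself


def smtp_rcpt(mta, msg):
    """Handle RCPT TO and return the SMTP reply the connected client sees."""
    user = msg.rcpt_to.split("@")[0]
    if user not in mta.local_users and mta.reject_at_smtp_time:
        # The 5xx goes back to the connected client (the spammer's sending host),
        # not to the forged envelope sender, so no new message is generated.
        return "550 5.1.1 no such user"
    mta.queue.append(msg)
    return "250 2.1.5 OK"


def run_delivery(mta):
    """Attempt local delivery of queued mail; unknown users produce a bounce."""
    delivered = []
    for msg in mta.queue:
        user = msg.rcpt_to.split("@")[0]
        if user in mta.local_users:
            delivered.append(msg)
        else:
            # Accept-then-bounce: the NDR is addressed to the envelope sender,
            # which the spammer forged, so an uninvolved third party receives
            # the bounce together with a copy of the original spam.
            mta.outbound.append(Message(
                envelope_from="",            # null reverse path, as bounces use
                rcpt_to=msg.envelope_from,
                body="Undeliverable: " + msg.body))
    mta.queue.clear()
    return delivered


def backscatter_recipients(mta):
    """Addresses that received a bounce from this server."""
    return [m.rcpt_to for m in mta.outbound]


def simulate(reject_at_smtp_time):
    """Run one forged spam through an MTA with the given policy.

    Returns the SMTP reply seen by the sender and the list of third parties
    that ended up receiving a bounce.
    """
    mta = Mta(local_users={"alice"}, reject_at_smtp_time=reject_at_smtp_time)
    forged = Message(envelope_from="victim@example.org",   # constructed forged sender
                     rcpt_to="nobody@example.com",         # constructed unknown recipient
                     body="Buy now")
    reply = smtp_rcpt(mta, forged)
    run_delivery(mta)
    return reply, backscatter_recipients(mta)


if __name__ == "__main__":
    print("accept-then-bounce:", simulate(False))
    print("reject-at-smtp:   ", simulate(True))
```

The practical check is simply whether a server can be made to emit mail to an address it was never asked to deliver to: with the accept-then-bounce policy the simulation shows the forged victim receiving a message, with SMTP-time rejection it shows none.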
How has spam changed and adapted over the past couple of years? And what's in store for spam in 2014?
The old 419 scams, V14gra and Russian bride spammers still abound, but it's now very rare for these types of messages to make it to most people's inboxes. This is largely down to the fact that content analysis and reputation-based filtering have improved vastly over the last few years, mostly due to the huge corpora of spam available for analysis. Phishing-type spam has increased, with both wider ranges of targets and more sophisticated set-ups; viruses seem to be decreasing in frequency (could just be better delivery systems), but the complexity and payloads are now a lot more geared toward financial profit for the creators, either through control of machines for bot-nets or the very scary disc encryption ransom systems, to name just a couple.
I expect that these ransom systems will become more prevalent in the near future as they make enough money to fund more development or discovery of exploits. Phishing will continue apace I expect, as again it can be highly profitable; we will need to see how the banks handle that with more sophisticated authentication methods.
It will always be better to stop these attacks before they get to their targets and I think it is worth considering what the impact on spam may be with the NSA hoohaa backlash. Many people are currently developing systems to ensure that the delivery of email is secure end-to-end. This will likely use both encryption and p2p to prevent snooping at the Internet level. However, despite this it's almost guaranteed that spammers will also start to use these secure delivery systems to send spam.
If these new secure email delivery systems are successful and become commonplace or replace the current system, then the only place that content analysis will be possible will be at the end points. Content analysis may be the only way to detect spam if p2p is part of the system, as the reputation of an IP address may be irrelevant if all IPs in the system are involved in the delivery of all messages and the originating server is hidden from participants in the p2p delivery. I don't know what, if anything, will change with the delivery of email, but it could be a game changer for both the NSA and spammers alike.
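Both answers above lean on content analysis: the first credits it (alongside reputation filtering) for keeping classic spam out of inboxes, and the second argues it is the one technique that still works at an endpoint when sender IP reputation is unavailable. The block below is an added example, not code from Bloxx or the interview, of the simplest form of that technique: a multinomial naive Bayes classifier with Laplace smoothing that scores a message purely on its words, using no sender address or IP at all. The six-message training corpus is constructed and deliberately tiny; the mechanics are the same ones that scale to the large spam corpora Wilson mentions.

```python
import math
from collections import Counter

# Constructed miniature corpus (labelled by hand for this example).
TRAINING = [
    ("spam", "cheap v14gra pills order now"),
    ("spam", "urgent verify your bank login account"),
    ("spam", "claim your lottery prize now"),
    ("ham", "meeting moved to 3pm see agenda"),
    ("ham", "please review the attached quarterly report"),
    ("ham", "lunch tomorrow with the project team"),
]


def tokenize(text):
    """Crude word tokenizer; production filters also normalise obfuscations like v14gra."""
    return text.lower().split()


class NaiveBayes:
    """Multinomial naive Bayes over word counts, with add-one (Laplace) smoothing."""

    def __init__(self):
        self.doc_counts = Counter()                       # documents per label
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.vocab = set()

    def train(self, labelled):
        for label, text in labelled:
            self.doc_counts[label] += 1
            for word in tokenize(text):
                self.word_counts[label][word] += 1
                self.vocab.add(word)

    def log_prob(self, label, text):
        """log P(label) + sum of log P(word | label); logs avoid underflow."""
        total_docs = sum(self.doc_counts.values())
        score = math.log(self.doc_counts[label] / total_docs)
        total_words = sum(self.word_counts[label].values())
        vocab_size = len(self.vocab)
        for word in tokenize(text):
            # Smoothing keeps a never-seen word from zeroing the whole product.
            score += math.log((self.word_counts[label][word] + 1)
                              / (total_words + vocab_size))
        return score

    def classify(self, text):
        scores = {label: self.log_prob(label, text) for label in self.word_counts}
        return max(scores, key=scores.get)


def build_classifier():
    """Train on the constructed corpus and return the classifier."""
    nb = NaiveBayes()
    nb.train(TRAINING)
    return nb


def classify_messages(messages):
    """Label each message using content only; no sender IP or reputation is consulted."""
    nb = build_classifier()
    return [(nb.classify(m), m) for m in messages]


if __name__ == "__main__":
    for label, msg in classify_messages([
        "verify your bank account now",
        "the quarterly report is attached",
    ]):
        print(f"{label:4s}  {msg}")
```

Because the decision uses nothing but the message body, it would work unchanged on a client that receives mail through an encrypted or peer-to-peer path where the originating server's IP is hidden; what it cannot do is see the sending history that reputation filters rely on, so in practice the two are combined wherever both signals exist.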