The weakest point of security in any organisation is the users, either due to a lack of awareness or security fatigue. Attackers know this, and they target users through email because with a working email address, a malicious but well-crafted attack could easily get in front of a vulnerable employee. Attackers are also very determined, so they will continue to pursue a target-rich environment until they find a gap in defenses. A recent Consumer Affairs article reports that as many as one-third of AV scanners failed to find malware samples in a two month test. That's why attackers keep trying, even when they know a company has anti-virus protection in place.
What could happen if spam gets through to the mailbox? Here are a few scenarios:
It can eat up your resources: If you are pulling email into your message server, spam chews up resources that should go to other things. A massive spam attack can slow or even freeze a spam filter or an email server. Barracuda, like many security companies, offers cloud-based protection so that these messages are stopped before they ever get to your organization. This frees up your infrastructure resources and lowers the risk that an attack will get through.
A successful spam attack can make your network part of a botnet — a network of compromised computers that can be controlled remotely by an attacker. These botnets can then be used to launch attacks against other networks. These could be DDoS attacks, spam attacks, or something else. Regardless of the type of attack launched by the botnet, your network would be used in criminal activity. Even if you don't notice that your bandwidth and other resources are being used in the attack, your IP addresses may be blacklisted due to this activity.
Targeted phishing attacks are becoming more common, which means that an email written for a specific victim can trick that recipient into doing something like sending money or giving away sensitive information. These emails impersonate an officer of a company or a trusted site like a bank, and they resemble legitimate messages well enough to get through defenses. Once they arrive in an inbox, only user awareness can stop the threat.
A successful spam attack could subject you to these and a number of other scenarios.
Since email is the number one threat vector, it comes to reason that our first line of defense should be protection of the mailbox. All security vendors are working very hard to ensure that your email is free of spam and malware. Here at Barracuda we recognized a while ago that traditional approaches to email security based on identifying bad senders, scanning messages for keyword patterns and doing signature based virus detection are no longer sufficient in the face of advanced threats.
In order to stop attackers adept at evading our basic techniques we are deploying the power of deep machine learning systems, multilevel intent analysis, and several other advanced technologies.
Scan all of your O365 emails and identify dormant threats today!
Barracuda Email Threat Scanner is a free online service that scans all your Office 365 emails and identifies these dormant threats without any impact on your system’s performance. To date, Email Threat Scanner has found threats in more than 90% of the thousands of mailboxes scanned. And on average, each account was found to contain more than 50 threats.