Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":600,"date":"2018-03-07T16:20:44","date_gmt":"2018-03-07T16:20:44","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=600"},"modified":"2019-04-17T11:26:36","modified_gmt":"2019-04-17T11:26:36","slug":"dress-warmly-spam-blizzards-are-in-the-forecast","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2018\/03\/07\/dress-warmly-spam-blizzards-are-in-the-forecast\/","title":{"rendered":"Dress Warmly! Spam Blizzards are in the Forecast"},"content":{"rendered":"

\"ny_blizzard_03\"
\nIt may be the case that the winter months are snuggling in and getting comfy south of the equator, but here in the northern hemisphere, summer\u2019s only heating up and getting a good head of steam on as it plans to make us run for the air conditioners and cool beverages. So the idea that we should prepare for blizzard activity seems something of a paradox, but the kind of blizzard we\u2019re speaking of has nothing to do with cold weather, snow, or parkas. Nor are they a product of good old Mother Nature. No, this type of blizzard won\u2019t bury your car under a mountain of snow, but you may want to pay attention, because the damage it could inflict might have you running for your network security policy.<\/p>\n

According to an article<\/a> by Network World discussing a recent security report, there\u2019s a new type of threat on the Internet landscape, and while the idea behind it is nothing new, the fact that it\u2019s been identified in the wild recently suggests that we all need to take another look at our anti-spam policies and procedures. The attack, which Network World dubs \u2018blizzards,\u2019 is the bombardment of emails on a target, so many emails, in fact, that the target can\u2019t keep up with the incoming spam. \u201cSpam attacks may last from 12 to 24 hours, it continued, and inundate an inbox with as many as 60,000 messages,\u201d the article purports.<\/p>\n

The report cited by the article suggests that the attacks are very targeted and very deliberate, indicating that the attackers must have somehow obtained personal information that helps them target the individuals\u2019 or organizations\u2019 email addresses.<\/p>\n

So, you ask, why bother? Well, we\u2019ve known for a long time that spammers aren\u2019t spamming for their health, and since their cumulative IQs can be packaged up and sent packing through the eye of a needle, there must be some tangible (read: monetary) reason for the attacks. \u201cThe purpose of the assault,\u201d Network World reports, \u201cis to prevent a target from reading their legitimate email.\u201d And why would you want to prevent someone from reading their legitimate messages? Well, if some of those messages were transaction confirmations \u2013 you know, the kind that confirm account transfer requests or purchases \u2013 then hiding them amid a flurry of spam emails would certainly benefit the crooks who are pilfering their targets.<\/p>\n

\u201cUnlike much of the malicious spam circulating on the Internet,\u201d writes Network World, \u201cmessages in a [Distributed Spam Distraction] attack don’t contain any malicious links or attachments.\u201d In fact, not all spammers are as stupid as we wish they were. The idea here is to make things as innocent as possible, which might have network administrators wondering what was with all the benign emails, rather than wondering what else was going on to necessitate the flurry.<\/p>\n

You don\u2019t need a parka to protect yourself from blizzards<\/strong><\/h2>\n

In addition, blocking these emails can be tricky when they merely contain random passages from a book or magazine, because even the best content-based algorithms won\u2019t have anything to lock onto as the junk starts pouring in. A troublesome prospect, indeed, and one which could be disastrous, at least in the short term while the attack is occurring. Cleaning up the mess afterward would require some work, too, and care has to be made to review the messages to ensure that the real ones aren\u2019t discarded.<\/p>\n

Now, one obvious solution is to have rules for all the accounts that matter to you. Banks and other financial institutions will have distinctive signatures, like the originating email address and wording used to notify you of transactions. Flagging these messages and depositing them in a separate folder is just good practice, blizzard or no blizzard. For those messages that you cannot predict, perhaps personal messages from a broker notifying you that a cash transfer has been made, or a client informing you that that money order you requested has been shipped, some diligence has to be performed. Again, these should be deposited in a separate folder or given an alert rule \u2013 you\u2019ll know who you deal with on a regular basis, so it shouldn\u2019t be too difficult to generate a list.<\/p>\n

If those prospects prove too prohibitive or time consuming, perhaps consider forming and training a \u2018response team\u2019 to react in the event that blizzard activity begins to appear on your mail server. Being prepared for the attack, and what to look for, may help you mitigate devastating losses.<\/p>\n","protected":false},"excerpt":{"rendered":"

It may be the case that the winter months are snuggling in and getting comfy south of the equator, but here in the northern hemisphere,… <\/p>\n","protected":false},"author":3,"featured_media":601,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-600","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=600"}],"version-history":[{"count":2,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/600\/revisions"}],"predecessor-version":[{"id":1746,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/600\/revisions\/1746"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/601"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}