Spam bomb: The threat of small businesses

Recently, security experts have warned users and small businesses to be cautious and prepared to face more complex and dangerous bomb attacks.

The most obvious example of this is the case of the 'teenager' David Lennon 'bombing' his company for 5 consecutive days with more than 5 million emails.

Just the amatuer people?

Although it is still considered an amatuer, Lennon's attack has caused damage to Domestic & General for up to £ 30,000.

Under the law, Lennon could be sentenced to five years in prison, but the judges only decided to punish him for two months in prison and forbid to leave the residence for certain periods of time.

Some people claim that Lennon received too little punishment. But according to security experts specializing in the field of attack of complex mail attacks, denial of service attacks (DoS), theft of personal information . then the domestic & General companies themselves must . receive penalty.

' Lennon's attack is quite simple. Every email is sent from an IP address. Therefore, it is very easy to prevent the attack and its origin , "said Matt Sergeant, an anti-spam technology expert from security firm MessageLabs. ' Even though Lennon deliberately falsified Domestic & General employee e-mail addresses and Bill Gates, but tracking and finding IP addresses to the origin of the attack is just an easy task. '.

What about professional people .?

Lennon used a commercial email software called Avalanche. This software is no longer on the market but it is a popular and legal software used in email delivery agencies.

For cyber criminals who specialize in DoS attacks and mail bombs, there is a different approach. They often use or lease zombie systems - a system of PCs kidnapped by hackers - from "black hat" hackers to organize a variety of attacks from different IP addresses.

Sergeant said he once witnessed a zombie PC system with 10,000 PCs controlled and rented for just £ 50 a day.

Victim - Small business!

With such tools, if they attacked, it would be hard to defend and take root. They ask the victims to pay for them to stop attacking them.

Often the most severe consequences are small businesses. Most of these businesses are unable to fight back against such attacks. Their business relies heavily on the website, forcing them to pay criminals to restore the business, explained Sergeant.

Meanwhile, security software with email connection monitoring feature has not fully achieved what users want. Enterprises often have to send more staff to supervise the tools themselves, monitor email network traffic .

If the business is not able to hire security experts, they may transfer this responsibility to other IT security vendors. These firms will perform remote monitoring tasks.

Risk of data theft

But according to executive vice president of Ken Rutsky's Workshare, the risk of being caught in business information is much higher than outside attacks of cyber criminals. Often, information thieves often impersonate the employees of the businesses they attack.

Rutsky recommends that businesses use software to closely monitor and enforce internal network access policies, prohibiting certain actions that pose risks from employees in the enterprise such as copying the list. customer to USB memory card for example. All these activities need to be controlled.

With those solutions, businesses can limit up to 90% of data cases, Rutsky said.

However, experts also warned that it should not be too reliant on technology. Security is a management issue and must follow the following process: establishing management, communicating and enforcing security policies.

Trang Dung