Targeted Spam: A serious security and privacy issue
Have you noticed a lull in the amount of spam your agency has been seeing? I did for a while. Well, a recent article by Government Computer News may explain what is happening.
In a March 5, 2009 article entitled “Spammers retool for a renewed assault” they lay out a very scary explanation for the recent drop in spam and paint a not so comfortable description about what spammers are planning–here’s a quote:
“The bot masters are trying to build their botnets back up,” Masiello said. “There is a lot of variance even on a daily basis on how much spam is being sent and received…they are likely going to be used for ID theft, mostly,” Masiello said. But the data also could be used to tailor fraudulent e-mails that could be convincing enough to entice even wary recipients to visit malicious Web sites or download malicious code.”While spammers will continue to react and adapt to whatever tecnical means we have to prevent their attacks from harming our systems and data, there are three simple and very effective things you can do to thwart these evil doers:
- SPAM/VIRUS SCANNING TOOLS: This is your agency’s first line of defense against spam-initiated virus, spyware, and trojan attacks. While it’s hard to find an agency that is not using virus and spam scanning tools, periodically check to a) make sure your users have not turned off those tools, and b) that their tool definitions are up to date. On the network side, make sure your enterprise scanning tools are configured for maximum protection and that definitions are kept up to date with current spammer tactics.
- PERSONAL REMINDERS: You hear it all the time, 80-90% of information security issues are because of what “people” do (or fail to do). And, I hope you’re not counting on your agency’s annual IT security training to get them to protect themselves and your systems. An old adage frommy Navy training days used to say “if you want them to listen, you gotta tell’em seven times, in seven different ways.” This continues to be good advice. You are going to have to continually remind users to not open any attachments or click on any links in emails from people they do not know. Some ways include: a short email to all your users once every 30-45 days and include an example of a targeted spam email; place a note in agency newsletters; or have leadership mention it at stand-ups/watch turnover.
- OUTBOUND SCANNING AND IP BLOCKING: While most agencies are filtering inbound spam email and IP addresses, i’d guess that many of them are NOT doing the same on OUTBOUND emails and IP addresses. A good layered defense takes into account the chance that something may get past your inbound scanners. It’s a good practice to also scan and filter OUTBOUND emails and IP connections to make sure that trojan isn’t “calling home”; there are a number of websites out there to help you set this up.
As always, your thoughts and comments are welcomed…r/Chuck