Spammers Out Innovating SMB Security

In 2006, e-mail security provider MXLogic conducted a SMB survey that found the smaller the company, the more likely it was to be vulnerable to e-mail threats.

Since then, there’s been an explosion of security technologies that promise SMBs protection from e-mail borne threats. With all this technology available, and with a growing number of hosted security providers offering services like Solinus’ MailFoundry, it’d be logical to assume SMBs had become small fortresses buttressed against the flood of incoming threats.

Unfortunately, this is not the case. Even after the recent shutdown of hosting service McColo, one of the major producers of spam, SMBs remain vulnerable to e-mail borne attacks, spam and phishing.

Sam Masiello, director of MXLogic’s Threat Center, tells Channel Insider that as SMBs become savvier about security, spammers develop increasingly innovative ways to circumvent security measures and choose their targets more selectively. As that happens, solution providers in turn need to keep up to speed with the ever-changing threats that face their customers, and ensure they keep pace with spammers tactics.

“Spammers aren’t sending e-mails en masse, to millions of potential targets and hoping a few will bite. What we’re seeing now are more focused attacks sent to specific people—mostly executives—at  organizations,” says Masiello.

Masiello says one particular scam involved an e-mail sent to executives claiming to be from the Better Business Bureau (BBB) regarding a complaint—fictitious, of course. Concerned executives who clicked on the link provided in the e-mail were taken to a bogus site, and a keylogger was downloaded to their computer, allowing spammers to track these executives’ every move.

“What we saw last year was better social engineering tactics using ‘bait’ that really meant something to these executives – in this case, they were worried about a BBB complaint. And those guys were targeted because they have a lot to lose,” says Masiello. The keylogger allowed spammers to access information when the executives logged into their online banking, brokerage or credit card accounts.

For solution providers, education is key to the success of their business and for the security of their customers. Keeping abreast of the latest inbound threats means more than understanding that there’s no real Nigerian prince waiting to deposit $10 million into your bank account.

While there are still spammers using national financial services chains such as Chase or TDAmeritrade to lure in victims, Masiello says MXLogic has noted an increase in attacks using the names of smaller, regional banks.

“These guys are also now targeting local and regional banks as well, because they find account holders in these local banks may not be as educated about threats, and these smaller banks may not be as good at outreach to their customers as far as threats and scams,” he says.

And while there’s loads of technology out there to help customers deal with threats, that in and of itself isn’t enough. Trend Micro offers SMB-specific InterScan firewalls and client/server messaging security. Internet security vendor SmoothWall’s unified threat management (UTM) hardware appliances are targeted for midmarket companies. And security giants McAfee and Symantec (through its MessageLabs and Brightmail acquisitions) offers an SMB-focused e-mail security as a service solution.

But a multi-layered approach led by a well-educated channel partner is the most effective tactic, says Masiello.

“Having a multi-tiered approach means you can’t just make sure your e-mail is monitored, but also make sure IMs and web browsers aren’t vulnerable. You should also control access to certain sites and monitor outbound Web traffic,” he says.

So, when it really comes down to it, the human element is the missing link. With all the technology available, it doesn’t do end users any good if you aren’t educated about the threats, their vulnerabilities and the best solutions to address those.

“You really have to stay on top of security threats as they evolve, and make sure you’re enabling the solution that best covers your customers’ needs,” he says.