News & Events

SPAM FILTERING – the necessary evil?

A technology market research firm called The Radicati Group recently estimated that there are 3.7 billion email users worldwide and that 269 billion emails are sent per day. This translates to around 2.4 million emails per second.

Of these, 49.7% are digital junk mail, or spam, and 2.3% have malware attached.

This means that spam-filtering systems have to sift through around 269 billion emails and remove 135 billion of them a day. That is a lot of work.

If you want to know how important spam filters are to your online experience, try turning them off for just a few minutes. Your network will probably end up looking like the office below.

[Image: cluttered office]

The good news is that in the cat-and-mouse game of cybersecurity, spam is one department where the defenders have kept reasonably well ahead of the attackers. And the outlook for the future is bright: machine learning is poised to take spam filtering to a new level of play.

Why am I getting more and more spam?

Even so, in the last few years most clients have reported seeing more and more spam in their inboxes, despite better filters. Why is that?

The main reason is that as email traffic has increased dramatically over the years, so has spam. Even though the spam filters are more effective at sifting it out, the absolute number of spam emails that escape the filters continues to rise.

The number of spam emails accidentally released is also determined by how the filters are configured to work. They can be set to be more stringent so that fewer spam emails would escape, or they can be loosened, and you see a lot more.

Why can’t we lock out all spam?

So why not set the filters as tight as possible so that no spam ever escapes to annoy us?

There are at least two reasons.

Many spam emails are written in such a way as to look like normal emails. They may give you tips on how to get rich quickly or they may simply offer miracle cures for the middle-age bulge. But these are suggestions that you may get occasionally from well-meaning colleagues. Until the spam filters see a clear pattern (such as receiving enough of them) to be sure that they are spam, they cannot act.

The senders of such spam are very clever in the way they go about constructing these messages. The rules that the spam filters use are not exactly trade secrets.

Secondly, there is another side to the spam coin – the accidental filtering out of legitimate emails. Set the filters too tight and authentic mail is caught in the mesh; loosen them too much and you are inundated by spam. It is a balancing act.

And the right balance changes over time as the cat closes the loop on the mouse and as the mouse creates new tricks to evade the cat.
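The balancing act described above, as an added example (this is not HTG's filter): a small score-based filter in Python, using made-up rules, weights and sample messages, counts the legitimate mail caught and the spam missed at three threshold settings.

```python
import re

# Hypothetical weighted rules; real filters use many more signals.
RULES = [
    (re.compile(r"get rich", re.I), 2.0),
    (re.compile(r"miracle cure|lose weight", re.I), 2.0),
    (re.compile(r"act now|click here", re.I), 1.5),
    (re.compile(r"https?://", re.I), 1.0),
]

# Constructed sample mail: (text, is_spam).
MAIL = [
    ("Get rich quick, act now: http://example.test/offer", True),
    ("Miracle cure for the middle-age bulge, click here", True),
    # Spam written to look like a normal message: only the link scores.
    ("Hi, thought you might like these investment tips: http://example.test/tips", True),
    # A well-meaning colleague whose wording resembles spam.
    ("Saw this article on how to get rich and thought of you: https://example.test/news", False),
    ("Minutes from Monday's meeting are attached", False),
    ("Invoice 1042 is overdue, please act now to avoid late fees", False),
]

def score(text):
    """Sum the weights of every rule that matches the message."""
    return sum(weight for pattern, weight in RULES if pattern.search(text))

def sweep(thresholds):
    """For each threshold return (legitimate mail caught, spam missed).

    A message is filtered when its score reaches the threshold, so a
    lower threshold is a tighter filter.
    """
    results = {}
    for t in thresholds:
        caught_legit = sum(1 for text, spam in MAIL if not spam and score(text) >= t)
        missed_spam = sum(1 for text, spam in MAIL if spam and score(text) < t)
        results[t] = (caught_legit, missed_spam)
    return results

if __name__ == "__main__":
    for t, (caught, missed) in sweep([1.0, 3.5, 5.0]).items():
        print(f"threshold {t}: legitimate mail caught={caught}, spam missed={missed}")
```

On this sample no threshold gets both counts to zero: the disguised spam scores lower than the colleague's genuine message, so any setting tight enough to catch it also catches real mail.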

Add to this situation the new complexity of criminals using spam to deliver malware such as the latest WannaCry ransomware. The spam filtering mechanism deployed by HTG to remove spam now also has to check for malware, which, like spam, mutates fast.

Spam filters are like antibiotics

The antispam story bears a lot of resemblance to that about antibiotics. If you use too strong a dose of antibiotics then the good germs are killed as well. Under-prescribe the medicine and you allow the bad bacteria to proliferate. And like bacteria, the spam and malware likewise mutate rapidly in a cat-and-mouse game. Occasionally, like in the biological world, you get a spam/malware pandemic, like the recent WannaCry outbreak.

Maintaining the right balance is a mix of art and science. To get it right takes a lot of work.

Two classes of spam-filtering services

As a result, there are two types of spam-filtering services out there:

  • The automated services which rely on the robotic spam filtering rules and processes built into their software;
  • The semi-automated ones that use most of the rules and processes built into the software but also engage specialist staff to monitor local situations and adjust the levers continually.

HTG encourages all its clients to opt for the semi-automated system of spam management. With this system, spam specialists (real people) continually observe the local spam landscape and adjust the filters to work more precisely. For example, if there is a sudden surge of spam or malware attacks from, say, North Korea, our cyber specialists may increase the filtering of all emails from that region.

The second method obviously gives a much better and safer outcome but can be a little more expensive. Whether this is something you need will depend on how big a cost unnecessary leakage of spam into your mailboxes is to your business.

In my view, there will not be a single business out there that would be better off with more rather than less spam. This is not only because spam costs productivity to delete but also because it has such a high chance of carrying scams as well as malware that can wreak massive damage to your network.

Not happy with your spam and malware defences?

If you are suffering from an unsatisfactory level of spam or malware attack, please let us know. HTG has had a lot of experience in this field. We have specialists who can assist you with choosing the best strategy. To request a free consultation click HERE.

New Dangerous Variant of CryptoLocker Reaches Waikato. Do not click on unknown resumes!

In my nearly 30 years of advising clients on IT security I have never come across a more aggressive and successful piece of malware than CryptoLocker. ‘Successful’ from the angle of the perpetrator, not from the perspective of the network owner, regrettably. Since the beginning of this year, HTG has been aware of wave after wave of CryptoLocker attempts on Waikato businesses. Unfortunately, enough of these attacks were effective to cause a lot of disruption and consequential monetary loss to the victims.

To some degree networks can be protected against CryptoLocker through technology. Clients who are subscribers to HTG Fortress, for instance, benefit from a higher level of protection than is obtainable from normal defences. However, there is nothing that can prevent successful infection through users momentarily or unknowingly letting their guard down and opening unsolicited email attachments or clicking on links to infected websites.

I believe that there wouldn’t be many users out there who are not aware that clicking on unsolicited email attachments or suspicious links is risky. However, the perpetrators are getting smarter and smarter and each new generation of Ransomware is dressing up to look more and more like legitimate correspondence.

For example, the newest Ransomware variant that is circulating around the Waikato and elsewhere is just a simple message offering a resume. It looks something like the picture on the left.

Subscribers to HTG Fortress will automatically be protected against this new variant. However, regardless of whether you are especially protected or not, the Golden Rule is: never open attachments in unsolicited emails or click on links to webpages you don’t trust.

And if you are wondering why, like the burgers that you buy from McDonald’s anywhere in the world, these attacks have such a high degree of similarity and consistency no matter where they emanate from, read the article at the bottom.

If in doubt, please forward your email to the HTG specialist malware team at malwarecheck@htg.co.nz and we will advise you on its authenticity. This service is FREE to all members of the Waikato Chamber of Commerce.

How you can help yourself avoid infection:

  • Use and regularly update your anti-virus and anti-malware software. Please note that antivirus software is not perfect but it can still catch a large percentage of malware and reduce noise. If you want to be more protected, install proper anti-malware such as Malwarebytes. For more information on this, please click HERE.
  • Keep your operating system and applications up-to-date – install the latest patches. If you still have machines running Windows XP or Windows Server 2003, consider upgrading them.
  • Do not open attachments in emails unless you are 100% certain that they are authentic.
  • Do not click on links unless you are 100% certain of what they are.
  • Make sure all of your files are regularly backed up.

If you need assistance with checking if your network is sufficiently protected against the above or any malware, or if you want help to improve protection, please contact our specialist team on 0800 484 4357.

Is your business still running the type of home grade firewalls that ISPs give out for free?

What prompted me to write this article is a recent story published by the BBC of how the Bangladesh Central Bank lost over $100 million to hackers. It turned out that the bank’s system was protected only by a cheap internet router with no proper firewalling services built in – the type that many businesses still run in NZ.

I have long and consistently urged my clients to be careful about cyber security. This is because, from where I sit, I come to hear of a lot of risk-taking and actual losses incurred by businesses through cybercrimes. Consider the following statistics:

  • Over 856,000 New Zealanders were affected by cybercrime each year, costing at least $257m in 2015
  • An average of 25 attacks per day happened last year, causing $13m in damage – up 68 per cent
  • For one email platform, nearly 70 per cent of all email was identified as spam or malware. And this is not uncommon. Most businesses don’t realise this because their email host filters out 99.99% of this offal.
  • A US study has found 60 per cent of small businesses went out of business within six months of a data breach.

The majority of the issues arise from momentary lapses of attention. It can be very hard to beat the cybercrime perpetrators because they are often very brilliant at what they come out with. For example, ransomware writers are sending out more and more innocent looking messages that even the most seasoned cyber-detectives are having difficulty differentiating from legitimate emails.

However, there is one source of vulnerability that is extremely commonplace and simple to protect against but which, from my observation, is not well managed in many organisations. I am referring to the firewalls that many businesses use to secure their networks from external strikes.

Running a basic home firewall at your business today is identical to driving without seat belts on.

For many businesses, the first firewall they had ever installed was the basic home variety firewall/router that used to be given away for free when anybody signed up for an internet connection back in the early days. These devices have very basic firewalling support such as port address translation and basic NAT. In the pioneering days when the internet first appeared, cyberattacks were unsophisticated and few and far between. Even the most rudimentary firewall provided sufficient shelter.

Most businesses, not knowing what risks they are taking, replace a firewall with another of the same type when the old one packs up. They are therefore perpetuating the vulnerability from one replacement cycle to the next.

Unfortunately, over the decades the complexity and frequency of cyberattacks have mushroomed. In the last five years especially, we have seen unprecedented increases in the volume, forms, and intricacy of such outbreaks.

Running a basic home firewall at your business today is identical to driving without seatbelts on. You get wiped as soon as an accident occurs.

If you are running one of these firewalls, or if you are not sure, my advice to you is to urgently have someone review if that device is giving you sufficient protection. In my travels I have seen far too many of them still in active service.

If you need any help with checking if your firewall or other security defences are fit for purpose for your business, please just request a FREE audit by our security specialists at HTG.
