Dark Reading recently published an article titled “SMBs Often Hit Hardest By Botnets”. David Setzer, our CEO, was featured in the article after an interview in which he gave his expert insight on the issue.
Spammers use their botnets not only for sending unwanted email to SMBs, but also for gathering new email addresses and bot recruits. “They are after sensitive data, as well,” says David Setzer, CEO of Mailprotector, an email security service provider. They want to recruit a new spam relay/bot, but they also throw in a keylogger to sniff for usernames and passwords, and try to grab as much lucrative sensitive data as possible, he says.
“It’s kind of a Swiss Army knife of malware…[they figure] they might as well get all the goodies they can out of [the SMB],” Setzer adds.
While Setzer says he can’t pinpoint any specific botnets that focus on hitting SMBs, more SMBs tend to get hit because they don’t have the horsepower to handle the threats. A DSL line or DS3 connection can be no match for a botnet spamming and waging a directory attack, he says.
While the big botnets and spammers stick with the widespread attack strategy rather than targeting companies, some SMBs are getting hit with targeted phishing attacks in order for the attacker to gain a foothold in their networks.
“What we see more often is a whaling-type attack where you have somebody targeting someone at a small- to medium-size business for a specific reason – maybe a smaller brokerage,” he says. “It’s some human making a cognitive decision to go after [a firm].”
One of Mailprotector’s small-business customers was once hit by a massive spam run and directory attack delivering more than 100,000 messages from more than 10,000 distinct IP addresses. “It was a spam and a directory-harvesting attack where they were going through and trying to harvest names and email addresses from the directory,” Setzer says. “[The customer] didn’t know about the attack until their regular log review because our systems had shut it down…it would have crashed their email.”
Many SMBs run multiple services on their servers, and an email server may run other applications, as well. “So when a big denial-of-service or wave comes in, the server can’t handle the load or bandwidth,” he says.
Check out the full article here.

