In a market full of products and services that promise to solve the most varied security threats, it is important to put solutions into perspective, understand what they really deliver and never forget that no single vendor can protect against all threats.
The most common security mechanisms implemented by ISPs, MSPs and service providers in general are anti-spam and anti-phishing filters. Numbers vary considerably, but even the most conservative studies show that at least 80 in every 100 emails can be considered SPAM. This is certainly a big challenge for service providers, but there are many specialized data feeds, block lists and DNSRBLs that help manage the situation.
Among all the SPAM, there is an ever-increasing number of emails that can be considered phishing scams. These are messages that pretend to come from legitimate and familiar brands to lure victims into giving away their personal identification information or financial data. This threat is also very well researched, and many companies provide detection and mitigation mechanisms.
Along with the SPAM and phishing emails, there is an additional threat: malware delivered through malicious attachments or web links. In the last few years, the information security industry has witnessed the use of multiple malware infection vectors, and malicious email messages are the most prevalent of them.
It is easy to observe that SPAM messages are the most prevalent, followed by phishing scams and then by malware-oriented emails. But it is important to notice that the damage caused by these threats is inversely proportional to their prevalence.
An infected computer may secretly relay personal and business information to the attacker, may take part in a botnet used, for example, in DDoS attacks, or may have its files encrypted for a ransom. Apart from the financial losses caused by malware and ransomware, it is important to also take into account the potential risks to brand and image reputation.
SMBs are responsible for securing their customers and should expect large volumes of SPAM and phishing, and potentially smaller amounts of malware-oriented messages, but they should keep in mind the destructive and costly nature of malware and ransomware infections.
For more than a decade, Malware Patrol has maintained up-to-the-hour data feeds to prevent malware infections among our customers. Some data feeds contain malware URLs and therefore can be used in filtering systems, others list malware hashes that can match attachments, and there are also data feeds of anti-virus signatures.
Since 2005, Malware Patrol has built relationships with hosting providers, CERTs, CSIRTs, universities and contributors to expand its coverage and analysis of email messages. Apart from those data sources, spampots are also deployed to collect and analyze the most varied threats.
And to continue the expansion of our detection capabilities, we are always looking to partner with companies that agree to share suspect email messages with us. Our automated systems verify, detect, classify and block new threats. If you are interested in participating, please contact your Sales Manager for further details or simply start sending suspect emails to email@example.com for automated analysis.
Co-Founder, Malware Patrol
Information Security and Threat Intelligence Professional whose qualifications include in-depth knowledge of Internet technologies, the current cyber security landscape, incident response, security mechanisms and best practices. He founded the Malware Patrol project in 2005. The company is helping enterprises around the world to protect themselves from malware and ransomware attacks through some of the most comprehensive threat data feeds and block lists on the market.