Large UK companies bear the brunt of cyber attacks
New research indicates that large UK companies are bearing the brunt of cyber attacks, yet some 20 per cent are in the dark about attacks on their systems.
Security appliance and anti-phishing experts Tumbleweed polled 100 IT Directors in the UK and found that a third of large firms had been hit by a Denial of Service (DoS) attack on their email servers in the past year.
Swamping those same servers with emails in order to work out valid email addresses for a company also proved a big headache, with 20 per cent of large companies having fallen foul of such an assault in the UK.
Smaller companies fared better, and when added into the mix bring the figures down to one in six for DoS attacks and one in ten for these Directory Harvesting Attacks (DHA).
But the true figures may be higher still, as 20 per cent of those polled said they had no idea whether their companies had fallen victim to these attacks.
The level of invalidly-addressed emails is staggering. The majority of those asked put the level at 25 per cent of the total, but in the financial services market more than half of email traffic is wrongly addressed.
Directory harvesting is popular with phishing scams. By focusing on harvesting valid email addresses for a company’s domain, the attacker can create a very well targeted spoofing scam designed to procure passwords, identity information and financial credentials.
Indeed, it’s not unusual for email addresses to form part of the credentials needed to log on to the network. Once an attacker has a small set of valid email addresses, it is a relatively short route to trying to crack the passwords that go with them.
David Carey, technical director at Tumbleweed Communications EMEA, said: ‘The threat posed by unwanted, unsolicited emails goes far beyond the inconvenience and time-wasting burden of having to remove it from a network. Spammers and online fraudsters are becoming increasingly sophisticated and can bring down a network relatively easily with a DoS attack or gain access to a corporate network and confidential files through using a DHA as part of a sophisticated Phishing scam. Our study revealed an alarming proportion of IT directors are completely unaware of whether they have been attacked by a DoS or DHA in the last year. It’s important those with IT responsibilities ensure they protect their corporate systems as stringently as possible; to not be aware of system activity is simply irresponsible.’