When it comes to cyber security, there has always been a strong ‘cat and mouse’ element: with the right help, businesses become better able to protect their data and systems from security threats - so criminals respond to this by trying to find new ways to deliver their payloads. Evidence suggests that the latest threat comes in the form of a spamming technique dubbed “hailstorm”.
We explain what it is, what risks it poses and what businesses can do to stay safe.
What is hailstorm?
If you think of malware as the cyber-criminal’s payload, hailstorm is essentially a new and improved means of delivering it.
A key aspect of any security system is email anti-virus and anti-spam protection - including the means to identify and isolate abnormal email flows. One of the ways spammers try to get around this is through a technique known as “snowshoe spamming”. Here, spam email is spread via a large number of IPs - and the ‘flood’ of emails occurs over days or weeks. With this technique, it becomes possible to disguise a spamming strategy as regular email flow.
But increasingly, security solutions have the ability to identify and act against snowshoe spamming attempts - not least because security specialists have access to databases of hosts from which the spam floods tend to originate. So spammers have sought to get around this through a technique known as “hailstorm”.
As with snowshoe, hailstorm campaigns are conducted via a large number of sender IP addresses. The big difference concerns the timeframe: hailstorm floods are dispatched over a very short period of time - often well before anti-spam measures can update and respond.
Why is this a live issue?
Cisco Talos has identified a spike in the number of hailstorm campaigns over the last year. Of the sources of these attacks, US Germany, Netherlands, UK and Russia come top.
This correlates with a wider general increase in the volume of spam email being encountered. Cisco’s data suggests that the volume of spam sent between 2010 and 2015 remained constant at around 1,500 messages per second. By last year, that number had spiked to around 3,000 per second.
What are the threats to business?
Spam email has traditionally been regarded by many businesses as a ‘nuisance’. It’s important to appreciate, however, that its repercussions can reach far beyond clogging up inboxes and taking up time.
It has always been the case that spam campaigns are a favoured tactic for less than scrupulous companies with poor reputations offering goods and services. It remains as important as ever for businesses to be alive to the risk of being hoodwinked by such unsolicited approaches.
Beyond this, evidence suggests that between 8% and 10% of spam emails are malicious, including phishing attempts and means to spread malware.
Kaspersky refers to one such notable example here in the UK. In this, a hailstorm campaign was used to distribute a message purporting to be from Companies House. Recipients were lured into opening a malicious Word doc headed “Complaint.doc.” Opening the file executed the TrickBot banking Trojan virus.
As hailstorm techniques evolve (as they almost certainly will do), it remains vital that businesses remain vigilant to it. Anti-virus and anti-spam measures should go hand in hand: effective, continuous protection involves having measures in place that are constantly updated and revised. Coupled with this, businesses should ensure that company-wide email security policies are applied and adhered to. This means that if a hailstorm threat slips through the net, the chances of a breach through human error are substantially reduced.