Something as simple as forgetting to insert a dot in an email address could result in a major cyber security breach, according to a newly-published report.
The report describes the findings from research carried out by representatives of information security think tank the Godai Group. It describes how, after they set up web domains containing some of the most frequently misspelt names, the researchers collected no less than 20 gigabytes' worth of data, representing 120,000 messages that wouldn't normally have been received.
Among this data were passwords, user names and information relating to corporate networks. From this, the researchers established that close to one-third of the US' 500 most profitable firms (the ‘Top 500’) could be considered susceptible to cyber attacks.
The vulnerability is linked to the way email systems are set up in the world of business. A significant number of businesses have a hierarchical domain-name set-up in place, with a main domain and, below that, sub domains for divisions within the firm. The words that make up these sub domains are separated by dots, giving, for example, ‘bank.com’ as the main domain and ‘us.bank.com’ as a sub domain.
Emails with misspelt addresses that were intended for these sub domains aren't normally delivered and are instead bounced back to the original sender. The potential is there, however, for cyber criminals to exploit this scenario by creating lookalike domains (so-called doppelganger domains) with the goal of deliberately attracting emails containing misspelt addresses, and that's exactly what the researchers did.
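As an added illustration of the missing-dot mistake described above (not code from the report or the Godai Group), the following sketch derives the lookalike form of an organisation's own sub domains and flags outbound recipients that match it. The sub domain list and recipient addresses are constructed, `example.com` stands in for the article's ‘bank.com’, the function names are hypothetical, and the main domain is assumed to have two labels.

```python
# Constructed sample data: example.com stands in for the article's 'bank.com'.
OWN_SUBDOMAINS = ["us.example.com", "mail.ca.example.com", "example.com"]
OUTBOUND_RECIPIENTS = [
    "alice@us.example.com",      # correct address
    "bob@usexample.com",         # dot dropped: mail leaves the organisation
    "carol@mail.caexample.com",  # dot dropped below a deeper sub domain
    "dave@example.org",          # unrelated external recipient
]

def doppelganger_pair(subdomain, registrable_labels=2):
    """Return (lookalike, intended) for the dot next to the main domain,
    or None when the name has no sub domain label.
    Assumption: the main domain has `registrable_labels` labels."""
    labels = subdomain.lower().strip(".").split(".")
    if len(labels) <= registrable_labels:
        return None
    base = labels[-registrable_labels:]
    last_sub = labels[-registrable_labels - 1]
    lookalike = ".".join([last_sub + base[0]] + base[1:])
    intended = ".".join([last_sub] + base)
    return lookalike, intended

def build_watchlist(subdomains, registrable_labels=2):
    """Map each lookalike domain to the sub domain it imitates."""
    pairs = (doppelganger_pair(s, registrable_labels) for s in subdomains)
    return dict(p for p in pairs if p)

def flag_recipients(recipients, watchlist):
    """Return (address, probable intended address) for every recipient whose
    domain is a lookalike or sits beneath one."""
    hits = []
    for addr in recipients:
        local, at, domain = addr.rpartition("@")
        if not at:
            continue  # not an email address
        domain = domain.lower().rstrip(".")
        for lookalike, intended in watchlist.items():
            if domain == lookalike or domain.endswith("." + lookalike):
                fixed = domain[: -len(lookalike)] + intended
                hits.append((addr, f"{local}@{fixed}"))
                break
    return hits

if __name__ == "__main__":
    for sent, meant in flag_recipients(OUTBOUND_RECIPIENTS, build_watchlist(OWN_SUBDOMAINS)):
        print(f"{sent} -> probably meant {meant}")
```

The same watchlist doubles as the set of names an organisation would register defensively or block at its outbound mail gateway.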
‘Doppelganger domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information’, they said in their report, adding: ‘essentially, a simple mistype of the destination domain could send anything that is sent over email to an unintended destination.’
Of the misspelt company domains that the research team created, reportedly only one of the firms involved realised what was happening and took action to confront the cyber security concern.
"It's striking that the researchers managed to capture so much information by focusing on just one common mistake", Sophos blog contributor Mark Stockley was quoted by the BBC as having said.
"A determined attacker with a modest budget could easily afford to buy domains covering a vast range of organisations and typos."