It’s Tax Identity Theft Awareness Week in the United States, which means that tax-related identity theft happens often enough to get the government’s attention. The Federal Trade Commission (FTC) and Internal Revenue Service (IRS) have provided the public with a number of resources to help raise awareness of this issue. In this article, the FTC gives a short description of how tax identity theft works:
For many people, the term “hacking” means that a criminal has broken through a firewall to get access to a network. The firewall is one of the easiest security concepts for people to understand, and often is thought of as the guard at the gate who provides entry based on a list of authorized visitors or other criteria. It helps that the term “firewall” originated outside of IT as a literal physical wall that was meant to prevent a fire from spreading, so the word itself was already in the public vernacular before the Internet was popular. ‘Firewall’ is also one of the oldest internet security terms, having been formally introduced by academia in the 1980s. Because of the history and context of the term, it makes sense that people tend to think that the firewall is what gets “broken” in a hack.
Modern firewalls are much more than a gate that allows traffic in and out based on simple rules. The latest firewalls provide several other functions, such as DHCP, secure VPNs, link balancing, and more. As business needs have evolved with the rise of branch offices, remote workers, and SaaS applications, the network firewall has evolved to keep pace, aggressively protecting the network perimeter and providing the necessary services to enable the business it protects.
So far in our series we’ve been talking about ransomware, threat vectors, and the technologies that we use to protect you. Now let’s take a look at email and why it’s the biggest and most exploited threat vector of all.
The weakest point of security in any organization is the users, either due to a lack of awareness or security fatigue. Attackers know this, and they target users through email because with a working email address, a malicious but well-crafted attack could easily get in front of a vulnerable employee. Attackers are also very determined, so they will continue to pursue a target-rich environment until they find a gap in defenses. A recent Consumer Affairs article reports that as many as one-third of AV scanners failed to find malware samples in a two-month test. That’s why attackers keep trying, even when they know a company has anti-virus protection in place.
Barracuda Essentials for Office 365 customers can now access security training at no cost thanks to a new partnership between Barracuda and KnowBe4. The training focuses on helping users identify potential threats like phishing and ransomware. For full details, see the press release here.
KnowBe4, one of the world’s most popular integrated new-school security awareness training and simulated phishing platforms, is used by more than 6,500 organizations worldwide. Because users are often the weakest link in a security system, KnowBe4 offers educational courses and simulations that help users become an additional layer of security for the company.
According to the FBI, Business Email Compromise (BEC) is now a $3.1B business. The FBI defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” This has also become known as Spear Phishing.
I spend a lot of time talking with customers about their business and how they run their IT infrastructure to meet those business needs. Traditionally, IT’s primary role has been to deploy and manage infrastructure and applications that drive their business. Because of the evolving threat landscape, IT has been forced into a position of protecting users from themselves.
As the Senior Vice President and General Manager of the Security Business at Barracuda, I would like to personally explain the recent incident that significantly degraded our email security service and impacted our customers.
The facts of the incident
At 7pm PST on Tuesday, November 1, 2016, the Barracuda Essentials for Email Security Service began experiencing an unusually high volume of unsolicited inbound DNS responses appearing to be from thousands of globally distributed hosts. This traffic, which was spurious and polymorphic, impacted email delivery, the message log, and quarantine logs. Our real-time monitoring system immediately identified the increased traffic, and we quickly began deploying defensive measures to address the surge. These measures restored mail flow through the day as we mitigated the impact of the increased traffic load.
While mail delivery was delayed for some customers, there was no email lost in this incident. Furthermore, Barracuda threat scanners remained operational, and the UI was accessible throughout the troubleshooting process. Normal delivery has resumed and any email temporarily delayed has been successfully processed.
At this time, all systems remain fully operational. We are closely monitoring the situation and implementing additional measures to strengthen our infrastructure.
Some customers using the Barracuda Essentials for Email Security solution are experiencing delays in incoming email delivery and in accessing the message log and end-user quarantine interfaces. Other parts of the administrative user interface are fully accessible. We are actively working on the problem. Our initial investigations revealed an unusually high volume of inbound connections from multiple unverified source IPs. We are in the process of sanitizing this traffic. As a result, the quality of service is gradually improving.
Our first priority is to restore the services to full capacity. We will provide more information as it becomes available. Thank you for your patience.
For more information on this issue, visit our Essentials for Email Security peer support forum here. You can also follow our updates on our status page at status.barracuda.com.