Healthcare providers are being warned about the threat of email bombing attacks. These attacks are a form of denial-of-service (DoS) attack that targets email platforms. As with other forms of DoS attack, the goal is to make systems inaccessible. These attacks, also called letter bomb or mail bomb attacks, typically require a botnet, or network of malware-infected computers controlled by an attacker.
When a target is chosen, its email server is bombarded with thousands of emails, overloading the email platform. These attacks are a headache for the victim, but they can also conceal other malicious actions. For instance, security alerts may be buried among all the email messages so that they are missed. Those alert emails may concern attempts to log in to accounts, information about account data, including modifications to contact details, details of financial transactions, or purchase confirmations. These attacks may also be used as a diversion, drawing the attention of security teams while other systems are attacked. When email servers are hit by email bombing attacks, system functionality is usually reduced, which can result in direct business outages.
There are different kinds of email bombing attacks. One is the registration bomb. These attacks use automated bots to crawl the web for newsletter registration forms on legitimate sites. The targeted user is then registered for thousands of newsletters at the same time, causing the user to receive a constant stream of unwanted email messages. Another type of this attack involves link listing, in which email addresses are used to sign up for several subscription services without verification. These attacks result in emails being received for months or years after the initial attack. Furthermore, victims' email addresses are usually added to numerous phishing, spamming, and malware lists.
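One way to triage a mailbox during the registration-bomb flood described above, so that genuine account alerts are not lost among the confirmations. This is an added example, not code from HC3 or the original article; the subject patterns, thresholds, function names and sample messages are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed heuristics for illustration; tune patterns and thresholds per environment.
SIGNUP = re.compile(r"confirm your subscription|welcome to|thanks for (signing up|subscribing)"
                    r"|verify your email", re.I)
ALERT = re.compile(r"new sign-?in|password (was )?(changed|reset)|contact details"
                   r"|payment|order confirmation|purchase", re.I)

def triage(messages, window=timedelta(minutes=10), min_msgs=20, min_domains=15):
    """messages: (timestamp, sender_domain, subject) tuples for one mailbox, oldest first.
    Returns (flood_start, alerts_since_flood_start), or (None, []) if no flood is seen."""
    recent = deque()      # signup-style messages inside the sliding window
    flood_start = None
    alerts = []
    for ts, domain, subject in messages:
        if SIGNUP.search(subject):
            recent.append((ts, domain))
            while ts - recent[0][0] > window:
                recent.popleft()
            # Many confirmations from many unrelated senders in a short window
            # is the registration-bomb signature.
            if (flood_start is None and len(recent) >= min_msgs
                    and len({d for _, d in recent}) >= min_domains):
                flood_start = recent[0][0]
        elif ALERT.search(subject):
            alerts.append((ts, domain, subject))
    if flood_start is None:
        return None, []
    return flood_start, [a for a in alerts if a[0] >= flood_start]

def sample_mailbox():
    """Constructed sample: 30 confirmations in five minutes, one real account
    alert in the middle of them, and one routine receipt from the day before."""
    t0 = datetime(2024, 1, 10, 9, 0, 0)
    msgs = [(t0 - timedelta(days=1), "shop.example", "Order confirmation #1001")]
    for i in range(30):
        msgs.append((t0 + timedelta(seconds=10 * i), f"news{i}.example",
                     "Please confirm your subscription"))
        if i == 12:
            msgs.append((t0 + timedelta(seconds=10 * i + 5), "bank.example",
                         "Your password was changed"))
    return msgs

if __name__ == "__main__":
    start, alerts = triage(sample_mailbox())
    print("flood began:", start, "| review first:", alerts)
```

Alerts that arrived before the detected start of the flood are left out on purpose, so the list handed to the security team contains only messages the flood could have hidden.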
Attachment attacks involve sending multiple emails with large attachments, which are intended to slow mail delivery and exceed server storage space, making email servers unresponsive. A zip bomb attack, also known as a zip of death or decompression bomb attack, involves a large compressed archive sent to an email address; when decompressed, it consumes available server resources, degrading server functionality. Email bombing attacks can be carried out by a single actor or a team of actors, and threat actors offer these kinds of services on the dark web. One highly regarded vendor of these services charges $15 per 5,000 messages, with fees going down as the number of messages increases, for example, $30 per 20,000 messages.
In a new HC3 Sector Notification, the HHS Health Sector Cybersecurity Coordination Center (HC3) shared a case of a damaging attack that occurred in 2016, in which an unidentified group of attackers email-bombed thousands of .gov email inboxes by submitting subscription requests to legitimate businesses. The attack made the email system inaccessible for a few days. Companies and individuals are urged to use protections and security guidelines, and to address user behavior, in order to avoid potential attacks, HC3 stated. Considering the possible effects of this kind of attack on the HPH sector, particularly unresponsive email addresses, reduced system functionality, and possible server outages, this kind of attack remains relevant to all users.
HC3 gave guidance on how to prevent these attacks, along with mitigations for companies that experience an email bombing attack. To protect against attacks, both end-user behavior and technical measures are recommended, for example, teaching IT professionals about these kinds of attacks in security awareness training and telling workers not to use their work email addresses to subscribe to non-work-related services. Online exposure can also be limited by using contact forms that don't expose email addresses. Workers must be told how to recognize an ongoing attack and, when one happens, advised not to engage, as this can lead to escalation. In the event of an attack, workers should promptly contact their IT or cybersecurity staff.
Companies can guard against these attacks using reCAPTCHA, which checks whether a human is using the platform. reCAPTCHA stops bots from hijacking registration processes that can facilitate email bombing attacks. In the event of an attack, email administrators should contact their email vendor, who can help remove the spam/junk email messages from the email platform.