AOL Breach Could Bolster Phishers, Exposes Email Spoofing, Web Threats

The AOL Mail data security breach could yield enough valuable information to craft convincing phishing campaigns, according to security experts, who said the security incident is the latest in wide-scale targeting of web-based email accounts conducted by financially motivated cybercriminals.

AOL acknowledged on Monday that it was investigating the scale of the breach following reports of hijacked accounts late last week. The data exposed, according to the company, included email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions. It indicated that about 2 percent of its email accounts (it has approximately 24 million accounts and 2.5 million paid users, according to recent financial filings) had been spoofed: their addresses were forged as the sender of spam and phishing messages, so that the messages appeared to recipients to come from a contact they knew.

A long-standing attack technique targeting webmail involves stealing account credentials with credential-harvesting malware or automated tools, or brute-forcing passwords, to break into and gain control of a victim's mailbox. The prize to criminals is a global spam industry worth billions and the ability to use the account to spread messages peddling counterfeit pharmaceuticals, pornography and other nefarious goods.


Webmail is no longer the most efficient way to carry out the activity, said security experts. Webmail providers have bolstered monitoring capabilities to identify suspicious activity from email users and freeze potentially hijacked accounts.


Many organized cybercriminals turn instead to compromising hosted web servers or renting powerful botnets to spread spam and phishing messages, said Rob Delevan, an IT security consultant and national account manager at Salt Lake City-based Wasatch I.T. The AOL Mail incident highlights why businesses and consumers can't let their guard down, Delevan said.

"This is an example of someone going after small fish and a shining example of why everyone is open to this kind of attack," Delevan said. "Consumers and businesses need to be proactive about account management, using strong passwords and being vigilant about potential attempts against their security."

AOL is urging Mail users to change their passwords and said it was putting enhanced protective measures in place to address the incident during its investigation. An analysis of the incident conducted by Trend Micro uncovered messages from spoofed accounts containing spam links to phishing pages.

"We saw that 94.5 percent of the users who visited the final landing page came from the United States," said Maria Manly, one of the firm's antispam research engineers. "Analysis also shows that these phishing pages are hosted in different countries, including Russia, the United States, Hong Kong and Germany."

AOL also modified its DMARC policy, an email authentication mechanism that tells receiving mail servers what to do with messages claiming an aol.com sender address, so that mail is rejected if it does not come from an AOL server, i.e., if it fails SPF or DKIM checks aligned with the aol.com From: address, Manly said.
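The spoofing described above and the DMARC reject policy that counters it can be shown together in a short receiver-side model. The following Python is an added example, not AOL's, Trend Micro's or any mail provider's code; it follows the DMARC check in RFC 7489 in simplified form. The DMARC record, the sender domains, the bulk-sender name and the SPF/DKIM results are all constructed for the example (the record is only in the shape of a p=reject policy, not AOL's actual DNS record), and the organizational-domain helper assumes the last two labels rather than consulting the Public Suffix List.

```python
"""Simplified DMARC disposition check (added example, not a provider's code).

Models what a DMARC-enforcing receiver does with a message whose visible
From: header claims a domain (here the constructed 'aol.com') but whose SPF and
DKIM results authenticate some other domain. All inputs below are constructed.
"""
from dataclasses import dataclass, field


def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("p", "none")    # policy for the domain the record is published at
    tags.setdefault("adkim", "r")   # DKIM alignment mode: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")    # SPF alignment mode: r(elaxed) or s(trict)
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. ASSUMPTION: last two labels; real receivers use
    the Public Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment between the RFC5322.From domain and the domain
    for which an SPF or DKIM pass was obtained."""
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    from_domain: str                  # domain in the visible From: header
    spf_result: str                   # 'pass', 'fail', 'none', ...
    spf_domain: str                   # MAIL FROM (or HELO) domain SPF was evaluated for
    dkim: list = field(default_factory=list)   # [(result, d= domain), ...]


def evaluate_dmarc(results: AuthResults, record: dict, policy_domain: str) -> str:
    """Disposition a DMARC-enforcing receiver applies: 'pass', 'none',
    'quarantine' or 'reject'. pct= sampling is ignored for brevity."""
    spf_ok = results.spf_result == "pass" and aligned(
        results.from_domain, results.spf_domain, record["aspf"])
    dkim_ok = any(r == "pass" and aligned(results.from_domain, d, record["adkim"])
                  for r, d in results.dkim)
    if spf_ok or dkim_ok:
        return "pass"
    # Record was found at the organizational domain but From: is a subdomain:
    # the sp= tag, if present, governs subdomains.
    policy = record["p"]
    if results.from_domain.lower() != policy_domain.lower() and "sp" in record:
        policy = record["sp"]
    return policy if policy in ("none", "quarantine", "reject") else "none"


# Constructed records: one enforcing, one monitor-only. Not AOL's real DNS record.
REJECT_RECORD = parse_dmarc_record(
    "v=DMARC1; p=reject; sp=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.invalid")
MONITOR_RECORD = parse_dmarc_record("v=DMARC1; p=none")

# Constructed spoofed message: From: claims aol.com, but the bulk sender can only
# pass SPF and DKIM for its own (hypothetical) domain.
SPOOFED = AuthResults("aol.com", "pass", "bulk-sender.example.net",
                      [("pass", "bulk-sender.example.net")])
# Constructed legitimate message: relayed through the provider and DKIM-signed
# by a provider subdomain, which relaxed alignment accepts.
LEGIT = AuthResults("aol.com", "pass", "mx.aol.com", [("pass", "mx.aol.com")])


def dispositions() -> dict:
    """Verdicts for the constructed messages under both records."""
    return {
        "spoofed_under_reject": evaluate_dmarc(SPOOFED, REJECT_RECORD, "aol.com"),
        "legit_under_reject": evaluate_dmarc(LEGIT, REJECT_RECORD, "aol.com"),
        "spoofed_under_none": evaluate_dmarc(SPOOFED, MONITOR_RECORD, "aol.com"),
    }


if __name__ == "__main__":
    for name, verdict in dispositions().items():
        print(f"{name}: {verdict}")
```

The point the model makes visible is that a p=none record only asks receivers to report; the spoofed message still lands in the inbox. Only with p=reject does the same message get refused, while mail that really traversed the provider's infrastructure passes through relaxed alignment with its subdomain. Switching the record to strict alignment (adkim=s; aspf=s) would reject the legitimate subdomain-signed message too, which is why providers check their own mail flows before tightening the policy.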

Providers Must Educate Small Business Owners About Web Threats

A serious problem associated with phishing attacks is compromised websites, many of them owned by small businesses, said security experts. Businesses should ensure that the support contracts for their websites and web applications cover security issues, including probes by automated attack tools designed to identify and exploit web application vulnerabilities, said Jason Tierney, founder and CEO of Bethesda, Md.-based BeyondIT Consulting LLC.

"It all comes down to having a support relationship with someone that is keeping up with patching and the threat landscape," Tierney said. "Small business owners can relay their concerns to them and they can take care of the problem and help you mitigate that risk, but oftentimes security issues aren't a concern until an incident takes place."

Meanwhile, employees should receive security awareness training covering common scams, Tierney said. Webmail and social media firms frequently monitor for and detect attacks against user accounts conducted by operators of spam and phishing campaigns.

In January, Yahoo identified a "coordinated effort" to gain access to user accounts. The attackers used a username and password list obtained from a third-party database to log in to Yahoo Mail accounts. The firm reset passwords on the affected accounts. Google Gmail, Microsoft Hotmail and other webmail providers also have been targeted in recent years by criminals that run phishing campaigns.

Facebook also frequently identifies phishing attempts and other social networking scams, mainly associated with third-party web applications that can hook into the company's service. The firm identified a "Facebook Black" scam that lured victims by promising the ability to change the color scheme of their Facebook pages.

"These threats are going to continue to be a problem because they often target human fallibility," Tierney said. "The goal of business owners is to reduce the risk to their employees as greatly as possible, and education is one part of those measures."

PUBLISHED APRIL 29, 2014