There is little question about the criticality of protecting email accounts.
Any number of breaches underscores what can happen if email servers are compromised, from phishing attacks launched via trusted accounts to the theft or disclosure of proprietary information.
But failing to protect email servers also has other costs – it can give attackers a stepping stone to expand their reach in your environment.
As any good penetration tester or cybercriminal can tell you, the best way to compromise a high-value asset often isn’t to go straight for it. The most valuable assets on the network, after all, are the most likely to be well protected. Instead, attackers typically look to target a weaker link in the chain. Why try to come up with an exploit for a domain controller, for example, when it may be easier to compromise a system administrator with access to it?
In this same way, compromising an email server can be a significant boon for an attacker. Beyond compromising email accounts, these servers often provide a way for attackers to collect user passwords. This could lead to the compromise of other systems, because it is common for users to use the same password to access various systems. Just as dangerous is the prospect of attackers abusing the ‘forgot password’ function to reset the passwords of third-party accounts associated with compromised email addresses. Attackers can often change the password to one of their choosing, and then delete status update emails to hide evidence of the change from the victimized user. Attackers can use access to legitimate user accounts to hide many of the actions they take.
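One way to detect the notification-deletion behavior described above, added here as an example and not part of the original article: it flags password-reset or password-change emails that are deleted within minutes of delivery. The event field names, action names and sample records are constructed assumptions, not any real mail product's audit schema.

```python
import re
from datetime import datetime, timedelta

# Subjects typical of account-security notifications (assumed patterns; tune per environment).
SECURITY_SUBJECT = re.compile(
    r"password (was |has been )?(reset|changed)|reset your password", re.I)
DELETE_ACTIONS = {"SoftDelete", "HardDelete", "MoveToDeletedItems"}  # hypothetical names

# Constructed sample audit events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:00:05", "mailbox": "alice@example.com", "action": "Deliver",
     "msg_id": "m1", "subject": "Reset your password"},
    {"time": "2024-03-01T09:00:40", "mailbox": "alice@example.com", "action": "HardDelete",
     "msg_id": "m1", "client_ip": "203.0.113.7"},
    {"time": "2024-03-01T09:02:10", "mailbox": "alice@example.com", "action": "Deliver",
     "msg_id": "m2", "subject": "Your password was changed"},
    {"time": "2024-03-01T09:02:30", "mailbox": "alice@example.com", "action": "HardDelete",
     "msg_id": "m2", "client_ip": "203.0.113.7"},
    {"time": "2024-03-01T10:00:00", "mailbox": "bob@example.com", "action": "Deliver",
     "msg_id": "m3", "subject": "Quarterly newsletter"},
    {"time": "2024-03-01T10:00:20", "mailbox": "bob@example.com", "action": "SoftDelete",
     "msg_id": "m3", "client_ip": "198.51.100.9"},
    {"time": "2024-03-01T11:00:00", "mailbox": "carol@example.com", "action": "Deliver",
     "msg_id": "m4", "subject": "Password reset requested"},
    {"time": "2024-03-03T08:30:00", "mailbox": "carol@example.com", "action": "SoftDelete",
     "msg_id": "m4", "client_ip": "192.0.2.15"},
]

def find_hidden_notifications(events, window=timedelta(minutes=10)):
    """Return security notifications that were deleted within `window` of delivery."""
    delivered = {}   # (mailbox, msg_id) -> (delivery time, subject)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["mailbox"], ev["msg_id"])
        ts = datetime.fromisoformat(ev["time"])
        if ev["action"] == "Deliver" and SECURITY_SUBJECT.search(ev.get("subject", "")):
            delivered[key] = (ts, ev["subject"])
        elif ev["action"] in DELETE_ACTIONS and key in delivered:
            arrived, subject = delivered.pop(key)
            if ts - arrived <= window:  # routine clean-up days later is ignored
                findings.append({"mailbox": ev["mailbox"], "msg_id": ev["msg_id"],
                                 "subject": subject, "client_ip": ev.get("client_ip"),
                                 "seconds_to_delete": int((ts - arrived).total_seconds())})
    return findings

if __name__ == "__main__":
    for finding in find_hidden_notifications(SAMPLE_EVENTS):
        print(finding)
```

Several findings for one mailbox in a short span, especially from a client address the user has not used before, are a stronger signal than a single quick deletion.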
Compromising an email account also allows an attacker to communicate with other employees as a means to infect them and steal information, escalate privileges or take other action. The social engineering possibilities are significant: if an attacker can compromise a manager or executive, for example, he or she could send an email to a subordinate and get them to carry out fraud or leak information.
With this much at stake, it is important for organizations to keep an eye on protecting their email servers. Firewalls and anti-malware solutions are the beginning; beyond that, organizations should also use IDS/IPS solutions and make sure the server is regularly patched to address vulnerabilities. In addition, it is vital for organizations to leverage multi-factor authentication for access. That means instead of operating with passwords alone, users would also need another identifier such as a token or fingerprint to access programs or systems.
Strong passwords are also important, as they can make the process of cracking protected passwords more time-consuming. As a general rule, the more difficult something is for an attacker, the more likely they are to move on and target something or someone else.
Protecting email servers is about more than simply keeping prying eyes away from internal messages, so it is vital for organizations to stay vigilant.