Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro

    In many enterprises today, guarding against data breaches and targeted attacks is one of the top concerns of IT administrators. One of the things that administrators guard against is reconnaissance and targeting of any potential high-value personnel who may fall victim to a targeted attack. A less obvious source of information leakage, however, is the humble out-of-office notification.

    Consider the typical content of an out-of-office notification. It will have a brief explanation of why the respondent is out of the office, whom the sender can contact instead, and an estimate of when they will return to the office. It may also include the user’s email signature, if they have one.

    Individually, this may not be a great deal of information. However, it is easy for would-be attackers to gather multiple out-of-office notifications. Based on our research into spear-phishing (the findings of which will be released in an upcoming paper), the e-mail addresses of about half of all spear-phishing recipients can be found online using Google. In many cases, corporate e-mail addresses follow a predictable firstname_lastname@companyname.com format as well; this makes many addresses “known” so long as an employee’s name is known.

    The approaching holidays give would-be attackers a great opportunity to carry out this attack. In the United States, many workers will be on a long vacation over the Thanksgiving holiday. Later in the year, the Christmas/New Year period will see a similar opportunity – on an even larger scale.

    So, what can users and IT administrators do? Fortunately, e-mail server software has had the capability for several years now to properly control out-of-office notifications. For example, users can set one notification message to appear to people within an organization, while setting another for those outside it. Administrators can impose more sophisticated controls. Some users may not be allowed to send out-of-office notifications to external domains at all; rules can also be set adding specific domains to a blacklist/whitelist, depending on what level of security is desired.
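The controls described above (separate internal and external messages, users barred from external replies, domain blacklist/whitelist) can be modelled as one decision function. This is an added example, not code from the original post or from any mail server; `OofPolicy`, `choose_reply` and all sample values are hypothetical.

```python
# Added example: hypothetical policy model, not a real mail server API.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class OofPolicy:
    internal_domains: set                                # lowercase; "inside the organization"
    allow_external: set = field(default_factory=set)     # whitelist; empty means any domain
    block_external: set = field(default_factory=set)     # blacklist; checked before whitelist
    no_external_users: set = field(default_factory=set)  # users barred from external replies


def _matches(domain: str, entries: set) -> bool:
    """True if domain equals an entry or is a subdomain of one."""
    return any(domain == e or domain.endswith("." + e) for e in entries)


def choose_reply(policy, user, sender, internal_msg, external_msg) -> Optional[str]:
    """Return the auto-reply text for `sender`, or None to send nothing."""
    local, sep, domain = sender.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None  # malformed sender address: never auto-reply
    domain = domain.rstrip(".")
    if _matches(domain, policy.internal_domains):
        return internal_msg  # colleagues get the detailed message
    if user.lower() in policy.no_external_users:
        return None
    if _matches(domain, policy.block_external):
        return None
    if policy.allow_external and not _matches(domain, policy.allow_external):
        return None
    return external_msg  # minimal message for permitted outsiders


# Constructed sample data for illustration.
POLICY = OofPolicy(
    internal_domains={"example.com"},
    allow_external={"partner.example"},
    block_external={"mail.partner.example"},
    no_external_users={"cfo@example.com"},
)
INTERNAL = "Out until 2 Dec. For urgent matters contact Dana Lee, ext. 4410."
EXTERNAL = "I am currently unavailable and will reply when I return."
```

Matching on the exact domain or a dot-separated suffix means a sender at `example.com.lookalike.test` is not treated as internal and never receives the detailed message.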

    Users may also want to consider limiting the information that they include in notifications: for example, instead of saying who to contact, the message may say to notify “my manager” or “my subordinates”. (The sender would presumably know who these people are.) Users may also opt not to use the feature at all, instead manually sending an email to likely correspondents saying they’re out of the office.

    All in all, out-of-office notifications represent a valuable target for reconnaissance by determined attackers, but the threat is one that users and administrators can contain within reason. What is needed is awareness that this threat even exists – which, hopefully, is something this entry has achieved.








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice