Check Point Email Security | Blog

Email Bomb Attacks: A Threat to Enterprise Security

Written by Shira Landau | November 8, 2024

Attack overview:

A novel cyber threat, known as an “email bomb” attack, is affecting organizations and individuals around the globe. The threat involves flooding user inboxes with unwanted spam emails.


In effect, this buries legitimate communications, such as those from colleagues and business partners, underneath an avalanche of emails, preventing users from proceeding with day-to-day activities.

The attack is typically launched to provide cover for more nefarious cyber criminal enterprises, from changing corporate account information, to making unauthorized purchases, to theft of intellectual property.

How it works:

As noted previously, an email bomb attack inundates users’ inboxes with email messages, often in the form of newsletter subscriptions or account creation confirmations (for example, "Thank you for signing up!").

Attackers make this happen by deploying bots to subscribe existing and legitimate email addresses to hundreds or thousands of different mailing lists (although cyber criminals can also buy or rent this capability from dark web sites).

Once the attack starts, the volume of emails quickly overwhelms the recipient, making it difficult to find legitimate communications. Meanwhile, the cyber criminals carry out their pre-planned fraudulent activity.

In the wild:

Recently, a data scientist at a fraud prevention company, Katherine Wood, experienced the effects of email bombing first-hand. Her typically tranquil inbox was inundated with thousands of messages, which pertained to accounts and subscriptions that she had never requested.

The cyber criminal’s intent quickly became apparent. The individual wanted to conceal evidence related to an unauthorized iPhone 15 purchase that was made using Wood’s credit card and email address.

Healthcare sector warning:

The U.S. Department of Health and Human Services has issued a warning about email bomb attacks, particularly concerning their potential impact on the healthcare sector.

Email bombers may aim to obstruct critical communications, such as alerts about account breaches or unauthorized access attempts, while conducting malicious activities – some of which could interrupt access to lifesaving care.

The Health Sector Cybersecurity Coordination Center (HC3) notes that “email bomb” attacks can also manifest as “attachment bomb” attacks, with email attachments that are designed to overwhelm an organization’s online storage capacities.

Preventing email bomb attacks:

To prevent email bomb attacks, experts recommend applying the following measures:

  1. Configure detection parameters for email bomb attacks in security settings.

  2. Set thresholds for the number of emails an inbox can receive, within a specific timeframe, from new senders.

  3. Establish workflows to handle emails exceeding the threshold, such as marking them as Spam, Suspected Phishing, or Phishing.

  4. Regularly review and update email security policies.

  5. Educate employees about the risks of email bomb attacks. 
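
One way to implement the threshold and workflow from steps 2 and 3, as an added example (this is not code from Check Point or Harmony Email & Collaboration). The 10-minute window, the limit of 5, the log-line format and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class NewSenderBurstDetector:
    """Per-recipient sliding window over mail from senders not seen before."""

    def __init__(self, known_senders, window=timedelta(minutes=10), threshold=5):
        self.known = known_senders          # recipient -> set of established senders
        self.window = window                # assumed timeframe (step 2)
        self.threshold = threshold          # assumed new-sender limit (step 2)
        self.recent = defaultdict(deque)    # recipient -> timestamps of new-sender mail

    def classify(self, ts, recipient, sender):
        if sender in self.known.get(recipient, set()):
            return "deliver"                # established correspondents bypass the count
        q = self.recent[recipient]
        q.append(ts)
        while ts - q[0] > self.window:
            q.popleft()                     # expire events older than the window
        # Step 3 workflow: over the limit, the message is marked as Spam.
        return "mark_spam" if len(q) > self.threshold else "deliver"


def parse(line):
    """Parse a constructed 'ISO-timestamp rcpt=<addr> from=<addr>' log line."""
    ts, rcpt, sender = line.split()
    return datetime.fromisoformat(ts), rcpt.split("=", 1)[1], sender.split("=", 1)[1]


def run(lines, known_senders, **kw):
    det = NewSenderBurstDetector(known_senders, **kw)
    return [det.classify(*parse(line)) for line in lines]


# Constructed sample: 8 sign-up confirmations in 8 seconds, a fraud alert from a
# known sender in the middle of the burst, then one new sender an hour later.
SAMPLE = [f"2024-11-08T09:00:0{i} rcpt=user@example.com from=noreply@list{i}.example"
          for i in range(8)]
SAMPLE.insert(6, "2024-11-08T09:00:05 rcpt=user@example.com from=alerts@bank.example")
SAMPLE.append("2024-11-08T10:00:00 rcpt=user@example.com from=hello@vendor.example")
KNOWN = {"user@example.com": {"alerts@bank.example"}}

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, run(SAMPLE, KNOWN)):
        print(f"{verdict:10} {line}")
```

Mail from the established sender is still delivered during the burst, and the counter resets once the window has passed, so a single new sender an hour later is not penalized.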

In response to this threat, Check Point has incorporated advanced protection features into its Harmony Email & Collaboration tool. Since 2023, we have actively prevented email bomb attacks. 

Check Point is committed to anticipating and addressing new cyber security challenges and to providing clients with cutting-edge protection amidst an ever-changing threat landscape.
