Directory Harvesting Attacks (DHA)

Security 101: Directory Harvesting Attacks (DHA)

Spam has plagued e-mail users since its inception. Users obtain a brand new e-mail address only to be pummeled with spam and phishing campaigns usually within a matter of hours.

Without fail, cybercriminals seem to have access to a never-ending supply of e-mail addresses and other personally identifying information to fuel spam, phishing and malware activities.

That isn’t by accident. One of the ways cybercriminals can tap into that bottomless well of personally identifying information is through a Directory Harvesting Attack (DHA).

“A DHA is an assault on an e-mail server in an attempt to pilfer legitimate e-mail addresses that can be added to databases for future spam campaigns. The attack occurs when spammers leverage known e-mail addresses to uncover other legitimate e-mail addresses from corporate or ISP servers.”

Cybercriminals generally execute this attack in one of two ways.

· The first, and most sensational, method is via a brute force attack, which bombards an e-mail server with all possible alphanumeric combinations in an attempt to decipher the username of the address.

· The second, more selective method entails sending messages to the most likely usernames by using all possible name combinations. The e-mail server issues a “Not found” message for e-mail addresses that don’t exist, but doesn’t return any communications for valid addresses. The DHA attack then compiles all the e-mail addresses not returned by the server, and then adds them to a database as fodder for current or future campaigns.

It should come as no surprise, then, that DHA attacks are the tool of choice for spammers and phishers alike. They help supply spammers with a seemingly endless stream of targets, eliciting copious returns in exchange for relatively little upfront investment.

For end users, DHAs have many challenges. For one, spam occupies the vast majority of inbox e-mail. In recent years, mass mailer spam has experienced a decline, but messages with malicious attachments and targeted phishing links are on the rise, according to reports.

As with other forms of malware, DHAs place additional strain on user systems, burdening public and private e-mail servers when the network is bombarded with mostly unsolicited and unwanted e-mails. And successful DHA attacks wreak havoc by generating myriad privacy issues, especially when the lists of compromised user data is made public.

In recent years, directory harvesting has been equipped with enhancements, thanks to the increased reliance on spambots – automated programs that generate copious amounts of spam.

In short, directory harvesting still poses significant security challenges that aren’t going away any time soon. However, there are ways to reduce the effects of directory harvesting and control the amount of spam in user inboxes.

The user will require a comprehensive e-mail security solution to combat the problem on numerous fronts. An e-mail security strategy needs to ensure secure e-mail delivery through encryption technologies , which can incorporate PKI, key exchange, client software and the ability to send e-mail without a pre-existing relationship to the receiver.

Another robust e-mail security mechanism includes reputation protection , aimed at throttling and blocking inbound and outbound spam and malware by examining a program’s history to determine its current and future behaviors.

Rounding out a comprehensive e-mail security arsenal is data leak prevention (DLP) , which prevents valuable data and sensitive personally identifying information from exiting the network via e-mail, either in the body of the message or as an attachment.

Finally, IT administrators need to create sound security policies and appropriate rules to handle messages containing a high number of spoofed messages and unresolved addresses.

See more at: http://blog.fortinet.com/Security-101–Directory-Harvesting-Attacks–DHA-/#sthash.g22aeM2O.dpuf