The DDoS attack of a different kind - 65,000 e-mails overload server!

Vincent Heinen, Head of Offensive Services
Updated: October 9, 2024 2 Min. read
OSCP+ OSCP OSWP OSWA

TL;DR

A misconfigured email distribution list at the Free and Hanseatic City of Hamburg triggered a self-inflicted DDoS attack when 65,000 employees received an unintended notification, causing the mail servers to struggle for about 2.5 hours. The incident highlights the risks of oversized distribution lists: they burden infrastructure, amplify damage from compromised accounts, and waste significant work time. Best practice is to use newsletter services for mass mailings and restrict employee rights to send organisation-wide emails.


An e-mail to 65,000 recipients can put a strain on your own infrastructure and amount to a DDoS attack of a different kind. E-mail distribution lists are handy: they let you address a target group without much effort. However, a mailing list should not be allowed to grow too large.

Calendar setting changed - all informed.

The mishap was triggered by an employee who changed the permissions on her shared calendars. Up to this point, day-to-day business. The mistake lay in the choice of the wrong distribution list: all employees of the FHH (Free and Hanseatic City of Hamburg) then received an e-mail. This alone can bring some e-mail servers to their knees. When colleagues then pointed out the mistake to her, some of those e-mails were also sent to the entire mailing list. At this point at the latest, the load was complete and the e-mail servers were at their limit.

The somewhat different DDoS attack - self-triggered!

Reaching all employees quickly is very useful in an emergency or for sending out an important message. Despite this usefulness, the target groups should be split up. This will increase the workload, but reduce the likelihood of such an incident. Separating recipients into different lists also limits the damage that can be caused by a compromised corporate e-mail account. If there are several lists, the attacker must guess, try and test them. If there is only one list, enormous damage can be caused. In the end, the problem was annoying rather than serious. But enough working time was wasted by the incident: it took about 2 1/2 hours for the infrastructure to return to normal.

Large recipient lists, broadcast messages & newsletters

We recommend that you always use a newsletter service when sending mass e-mails. Above a certain volume these services charge fees, but your own infrastructure is not burdened by the mailing. As a rule, employees do not need the rights to send an e-mail to all employees. If this function is needed at this scale, it should be implemented via a newsletter service. If necessary, this can also be one you host yourself.
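The following audit sketch is an added example, not part of the original article: it flags distribution lists that are both large and open to any sender, and estimates the mailbox deliveries that one mistaken post plus a few reply-alls would cause. The list names, the 500-member threshold and the ten reply-alls are assumptions; only the 65,000 figure comes from the article.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DistList:
    name: str
    members: int
    # Addresses allowed to post; an empty set means "any employee may post".
    allowed_senders: frozenset = frozenset()


# Constructed inventory, as it might be exported from a mail system.
INVENTORY = [
    DistList("all-staff", 65_000),
    DistList("all-staff-announce", 65_000, frozenset({"comms@example.org"})),
    DistList("team-finance", 40),
]

MAX_OPEN_SIZE = 500  # assumed size above which posting must be restricted


def deliveries(list_size: int, reply_alls: int) -> int:
    """Mailbox deliveries caused by one post plus `reply_alls` replies to the whole list."""
    return list_size * (1 + reply_alls)


def may_post(sender: str, lst: DistList) -> bool:
    """Posting gate: open lists accept anyone, restricted lists only named senders."""
    return not lst.allowed_senders or sender.lower() in lst.allowed_senders


def audit(inventory, max_open_size=MAX_OPEN_SIZE, assumed_reply_alls=10):
    """Flag large, open lists with the load a single mistaken post could cause."""
    findings = []
    for lst in inventory:
        if lst.members > max_open_size and not lst.allowed_senders:
            findings.append({
                "list": lst.name,
                "members": lst.members,
                "worst_case_deliveries": deliveries(lst.members, assumed_reply_alls),
            })
    return sorted(findings, key=lambda f: f["worst_case_deliveries"], reverse=True)


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f['list']}: {f['members']} members, open to all senders, "
              f"~{f['worst_case_deliveries']} deliveries after 10 reply-alls")
```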


About the author

Vincent Heinen

Head of Offensive Services

M.Sc. in IT Security with more than 5 years of experience in offensive security analysis. Leads penetration testing engagements, specializing in web applications, network infrastructure, reverse engineering and hardware security. Responsible for several responsible disclosures.
