IM threats grow, response lags

By Bill Brenner, Senior News Writer
01 Feb 2006 | SearchSecurity.com

Security Wire Daily News

Threats against instant messaging (IM) programs surged dramatically last year and bigger attacks are likely in 2006. But it'll probably be some time before IT shops implement adequate defenses.

That assessment comes from Waltham, Mass.-based IMlogic Inc. and San Diego-based Akonix Systems Inc. The vendors, both of which focus on selling IM security products, released reports last month showing that IM-related security incidents in 2005 skyrocketed versus the year before. In the case of a survey conducted by Akonix, many IT administrators acknowledged they haven't thought much about such threats. Instead, they're focusing primarily on e-mail threats.

"IT departments have spent a lot of money on security. They've hardened the castle walls but left the drawbridge open with IM," said Art Gilliland, VP of products for IMlogic. "The big problem is that IM is user-deployed." In most cases, Gilliland added, it's actually like a hidden form of communication. A lot of IT professionals may not know the extent to which it's used in their organizations.

A 1,700% increase in security incidents
IMlogic recently released two new reports -- one a review of the 2005 threat landscape; the other a look at the top five IM security risks for 2006. The reports cite an almost 1,700% increase in reported incidents in 2005, compared to all reported incidents in 2004. IMlogic, which is being acquired by AV giant Symantec Corp., said that included a dramatic increase in the depth and breadth of real-time security attacks, including viruses, worms, spam over IM (SPIM) and phishing attacks.

Also last year, the IMlogic Threat Center found:

  • 2,403 unique IM and P2P threats, including IM-specific attacks and blended threats targeting IM and P2P applications
  • 90% of IM-related security attacks included worm propagation; 9% delivered viruses; 1% of reported incidents exploited known client vulnerabilities or exploits
  • 57% of incidents targeted MSN Messenger, Windows Messenger and the MSN network
  • 34% of incidents targeted AOL Instant Messenger, the AOL Instant Messenger network, ICQ and the ICQ network
  • 9% of incidents targeted Yahoo! Messenger and the Yahoo! Messenger network

A breakdown by individual product is included in the report.

The document also showed the growing sophistication of real-time threats. The first talking, "intelligent" worm was identified (IM.Myspace04.AIM) in 2005, the report said, adding, "The worm not only broadcast malicious messages to other users of IM, but also interacted with potential victims without the infected user being aware of an attempt to dupe potential victims into activating the worm on their local machine."

The year also saw a dramatic spike in the number of mutating attacks, including significant mutations on all the major consumer IM networks. "With 140 total mutations and detection on all the major IM networks, the Kelvir worm was the leader in IM threat mutations, followed by Bropia with 29 mutations and Opanki with 26 mutations," the report said.

"Why are the numbers so high today? IM is really growing in terms of use. Because of the popularity, it's a more attractive target to hackers and virus writers," Gilliland said. "The specific number of threats is not huge, but it's much more than the year before. So the percentage ends up being quite large."

It's hard to say if the percentages will remain so astronomical, he said, adding, "We're still a small percentage of the overall threat an enterprise deals with. You may see similar numbers for the next two years."

A look at the year ahead
For 2006, IMlogic predicts:

  • Network interoperability and continued IM adoption will accelerate the volume of IM threats -- "Forecasted growth of both consumer and enterprise IM, combined with the increasingly connected nature of disparate IM systems, will lay the groundwork for large-scale IM attacks that reach across disparate networks," the report said.

  • Expanded IM functionality will increase the number of attack vectors -- "The convergence of IM, VoIP, virtual conferencing and other real-time communication capabilities will provide new opportunities for the propagation of sophisticated IM attacks," the report said.

  • More sophisticated and even "intelligent" worms will increase infection rates -- "The increasing complexity and agility of IM threats will result in attacks being less likely to be immediately detected by an end-user making these types of attacks more dangerous and costly," the report said.

  • Instant messaging will continue to attract online criminals -- "Cyber-criminals will increasingly be drawn to IM because of its proven ability to efficiently deliver malicious payloads via social engineering tactics," the report said.

  • Intellectual property leaks from internal threats will drive financial loss -- "Intellectual property loss will come to the forefront as IT and security organizations begin monitoring file transfer usage more closely as part of established corporate IM communications policies," the report said.

Akonix worried about IM apathy
IMlogic's assessment that IM threats are getting worse is shared by Akonix, which recently surveyed more than 100 organizations and found that IM threats aren't on the radar screen for most of them. Only 11% reported having IM security tools in place, compared to 73% who use e-mail security programs. Incredibly, the company said, almost 50% of respondents replied that "an IM hygiene solution never crossed my mind."

"This huge gap between the security applied to e-mail and that applied to IM is particularly alarming, since 47% of respondents indicated that the e-mail/messaging organization has responsibility for securing both e-mail and instant messaging," Akonix said in a statement. "The results show that many corporate information technology organizations have left gaping holes in the defense of their networks and systems by failing to address new threats in a timely fashion."

Akonix also observed a steep rise in IM threats last year. For example, its security team tracked 62 IM-based attacks in November, a 226% increase over the previous month, the company said.

"The astonishing conclusion of these survey results is that organizations have spent millions of dollars and man hours securing their e-mail systems, but have barely begun to address the rapidly growing threat of virus, worm or malicious code attack through employee use of instant messaging," Don Montgomery, Akonix's vice president of marketing, said in the statement. "As the most rapidly adopted communications medium in history, IM has already become an indispensable business tool. Our research shows, however, that the security protection of IM is not keeping up with its adoption."

Advice for IT administrators
IT shops aren't helpless against the IM threat, Gilliland said. But at this point it's hard for enterprises to strike a balance between productive IM use and transmissions that should be blocked.

"If the objective is to block all IM use, you can block it through firewall configurations," he said. "Some companies do that. The challenge is that it's not necessarily easy. And you are stopping all the productive use of IM."

For IT managers who want to get a better handle on IM use in their company, Gilliland said a good starting point is for them to know what their business objectives are and see where IM fits in. Then they should adopt an infrastructure to manage it. Not surprisingly, he used his company's IMlogic IM Manager as an example.

"Our system sits in the data center and captures all IM traffic," he said. "You can turn it on or off, map users to their corporate credentials, which allows you to enforce policies by department, and you can decide for yourself that one department can use IM, others can't, or everyone can use it but they can't do file transfers."
