Home > Security News > IM threats grow, response lags
Security News:
EMAIL THIS LICENSING & REPRINTS

IM threats grow, response lags

By Bill Brenner, Senior News Writer
01 Feb 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Threats against instant messaging (IM) programs surged dramatically last year and bigger attacks are likely in 2006. But it'll probably be some time before IT shops implement adequate defenses.

That assessment comes from Waltham, Mass.-based IMlogic Inc. and San Diego-based Akonix Systems Inc. The vendors, both of which focus on selling IM security products, released reports last month showing that IM-related security incidents in 2005 skyrocketed versus the year before. In the case of a survey conducted by Akonix, many IT administrators acknowledged they haven't thought much about such threats. Instead, they're focusing primarily on e-mail threats.

"IT departments have spent a lot of money on security. They've hardened the castle walls but left the drawbridge open with IM," said Art Gilliland, VP of products for IMlogic. "The big problem is that IM is user-deployed." In most cases, Gilliland added, it's actually like a hidden form of communication. A lot of IT professionals may not know the extent to which it's used in their organizations.

A 1,700% increase in security incidents
IMlogic recently released two new reports -- one a review of the 2005 threat landscape; the other a look at the top five IM security risks for 2006. The reports cite an almost 1,700% increase in reported incidents in 2005, compared to all reported incidents in 2004. IMlogic, which is being acquired by AV giant Symantec Corp., said that included a dramatic increase in the depth and breadth of real-time security attacks, including viruses, worms, spam over IM (SPIM) and phishing attacks.

Also last year, the IMlogic Threat Center found:

  • 2,403 unique IM and P2P threats, including IM-specific attacks and blended threats targeting IM and P2P applications
  • 90 % of IM-related security attacks included worm propagation; 9% delivered viruses; 1% of reported incidents exploited known client vulnerabilities or exploits
  • 57% of incidents targeted MSN Messenger, Windows Messenger and the MSN network
  • 34% of incidents targeted AOL Instant Messenger, the AOL Instant Messenger network, ICQ and the ICQ network
  • 9% of incidents targeted Yahoo! Messenger and the Yahoo! Messenger network

A breakdown by individual product is included in the report.

The document also showed the growing sophistication of real-time threats. The first talking, "intelligent" worm was identified (IM.Myspace04.AIM) in 2005, the report said, adding, "The worm not only broadcast malicious messages to other users of IM, but also interacted with potential victims without the infected user being aware of an attempt to dupe potential victims into activating the worm on their local machine."

The year also saw a dramatic spike in the number of mutating attacks, including significant mutations on all the major consumer IM networks. "With 140 total mutations and detection on all the major IM networks, the Kelvir worm was the leader in IM threat mutations, followed by Bropia with 29 mutations and Opanki with 26 mutations," the report said.

"Why are the numbers so high today? IM is really growing in terms of use. Because of the popularity, it's a more attractive target to hackers and virus writers," Gilliland said. "The specific number of threats is not huge, but it's much more than the year before. So the percentage ends up being quite large."

More on IM threats

September sees surge in IM threats

IM/P2P threats surge ahead

IM adoption slowed by security, compatibility concerns
It's hard to say if the percentages will remain so astronomical, he said, adding, "We're still a small percentage of the overall threat an enterprise deals with. You may see similar numbers for the next two years."

A look at the year ahead
For 2006, IMlogic predicts:

  • Network interoperability and continued IM adoption will accelerate the volume of IM threats -- "Forecasted growth of both consumer and enterprise IM, combined with the increasingly connected nature of disparate IM systems, will lay the groundwork for large-scale IM attacks that reach across disparate networks," the report said.

  • Expanded IM functionality will increase the number of attack vectors -- "The convergence of IM, VoIP, virtual conferencing and other real-time communication capabilities will provide new opportunities for the propagation of sophisticated IM attacks," the report said.

  • More sophisticated and even "intelligent" worms will increase infection rates -- "The increasing complexity and agility of IM threats will result in attacks being less likely to be immediately detected by an end-user making these types of attacks more dangerous and costly," the report said.

  • Instant messaging will continue to attract online criminals -- "Cyber-criminals will increasingly be drawn to IM because of its proven ability to efficiently deliver malicious payloads via social engineering tactics," the report said.

  • Intellectual property leaks from internal threats will drive financial loss -- "Intellectual property loss will come to the forefront as IT and security organizations begin monitoring file transfer usage more closely as part of established corporate IM communications policies," the report said.

    Akonix worried about IM apathy
    IMlogic's assessment that IM threats are getting worse is shared by Akonix, which recently surveyed more than 100 organizations and found that IM threats aren't on the radar screen for most of them. Only 11% reported having IM security tools in place, compared to 73% who use e-mail security programs. Incredibly, the company said, almost 50% of respondents replied that "an IM hygiene solution never crossed my mind."

    "This huge gap between the security applied to e-mail and that applied to IM is particularly alarming, since 47% of respondents indicated that the e-mail/messaging organization has responsibility for securing both e-mail and instant messaging," Akonix said in a statement. "The results show that many corporate information technology organizations have left gaping holes in the defense of their networks and systems by failing to address new threats in a timely fashion."

    Akonix also observed a steep rise in IM threats last year. For example, its security team tracked 62 IM-based attacks in November, a 226% increase over the previous month, the company said.

    "The astonishing conclusion of these survey results is that organizations have spent millions of dollars and man hours securing their e-mail systems, but have barely begun to address the rapidly growing threat of virus, worm or malicious code attack through employee use of instant messaging," Don Montgomery, Akonix's vice president of marketing, said in the statement. "As the most rapidly adopted communications medium in history, IM has already become an indispensable business tool. Our research shows, however, that the security protection of IM is not keeping up with its adoption."

    Advice for IT administrators
    IT shops aren't helpless against the IM threat, Gilliland said. But at this point it's hard for enterprises to strike a balance between productive IM use and transmitions that should be blocked.

    "If the objective is to block all IM use, you can block it through firewall configurations," he said. "Some companies do that. The challenge is that it's not necessarily easy. And you are stopping all the productive use of IM."

    For IT managers who want to get a better handle on IM use in their company, Gilliland said a good starting point is for them to know what their business objectives are and see where IM fits in. Then they should adopt an infrastructure to manage it. Not surprisingly, he used his company's IMlogic IM Manager as an example.

    "Our system sits in the data center and captures all IM traffic," he said. "You can turn it on or off, map users to their corporate credentials, which allows you to enforce policies by department, and you can decide for yourself that one department can use IM, others can't, or everyone can use it but they can't do file transfers."

    Sound Off! -   Post your comments |  See others' comments (1)


    Tags: Secure IMApplication Attacks (Buffer Overflows, Cross-Site Scripting)Spyware, Adware and TrojansViruses, Worms and Other MalwareVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


    • TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts