Home >  Articles > Internet threats make email security imperative

•  
•  
•  
•  

The internet is a double-edged sword. James Scollay from MessageLabs explains why. The world has grown to rely on the world wide web in a remarkably short time. Fifteen years ago, the internet barely existed in most people's experience. Yet we've come to rely profoundly on this powerful electronic medium - as a means of rapid global communication, a leisure facility, a key research resource and as a way to buy and sell goods and services.

As unfortunate as it is, the internet has also become a powerful medium for criminals, ranging from the relatively harmless student hacker to the professional offender who seeks to use the world wide web for fraudulent gain or political advantage. Threats such as spam, viruses and phishing continue to jeopardise business continuity and it is readily apparent that the very elements that make the internet so remarkable also make it an attractive target for illegal activity.

It is exciting to witness the adoption of new messaging technologies such as VoIP and instant messaging that have no doubt improved the connectivity and productivity of employees. However, securing these networks remains a challenge. Management may have a virtuous "sky's the limit" approach to technology, but they should also be asking themselves "how good is my parachute?" With the shift in criminal intent and a movement towards highly targeted cyber-crime, businesses do not want to come crashing down to earth before they reach the moon.

Top threats of 2005

According to the MessageLabs 2005 Annual Security Report, the top threats for 2005 included:

• Spam - it is still averaging 68.6% of all email traffic, or 1 in every 1.46 emails can be identified as spam.
• Malware - attacks are floating at 2.8%, or 1 in every 36.15 emails currently contains a virus or trojan.
• Phishing scams - attempts have tripled over the past 12 months accounting for an annual average of 0.3% of email traffic or 1 in every 304 emails.
• Botnets - according to security experts, botnets are responsible for the sudden rise in phishing due to the huge increase in zombie botnets being used to pump out massive volumes of scam emails. Botnets are networks of zombie computers under the control of virus writers.
• Data and identity theft - this increased 1200% with 700 incidents handled by AusCERT in 2005. The two most common techniques include phishing (which involves mimicking a legitimate website) and trojan malware (which compromises a user's PC to steal their confidential information, unbeknown to the user).

A shift in criminal intent - targeted attacks

The sophistication of the threat landscape has changed dramatically over the past two years. Old-style virus proliferation, characterised by the indiscriminate shot-gunning of the internet world at large, has been superseded by new targeted email attacks from criminals aimed at defrauding business, stealing intellectual property or extorting money.

Today, MessageLabs intercepts around 2-3 targeted attacks per week whereas in 2004 this figure was almost negligible. Several high-profile cases hit the headlines in 2005 but it is believed many more attacks stay under the radar and go undetected. This is mainly due to the fact that attacks are smaller and organisations who are getting attacked do not want to publicise or disclose any vulnerability in their infrastructure.

Targeted attacks come in a number of different guises such as malicious code hidden inside a trojan horse for the purpose of information theft or denial of service (DoS) attacks where email and web servers are flooded with connections to disable the site for extortion.

The motivation behind the growing number of targeted cyber attacks is almost exclusively illicit financial gain. There is serious money to be made by online identity theft. Ernst & Young estimates online fraud accounts for around US$5 billion of overall financial crime, growing at a staggering 200 to 500% every year.

Just recently, research by AusCERT revealed that over the past 13 months there has been a 1200% increase in identity theft incidents targeting customers of internet service providers, financial and e-commerce institutions. Increasingly, however, attacks are being specifically directed towards organisations. Government departments, banking, legal, manufacturing and not-for-profit fields are being hit with a range of attack techniques.

One such situation occurred last year when police arrested two computer consultants in the UK, alleged to be part of a massive industrial espionage scandal. Here, trojan software was used by leading companies to allegedly steal confidential information from competitors and monitor their activity. Well-known businesses were accused of using the malware to send to competitors' computers via an email attachment, purporting to be a normal business proposal to trick users into downloading spyware.

The convergence of threats has become a widespread phenomena - something referred to as multi-vector attacks. Spam and virus, which in the past have been seen as two separate groups, are beginning to merge to employ a combined approach in targeted attacks. SoBig.F, which hit in August 2005, was a self-propagating virus which manipulated open relay servers and open proxies to spread even further. MessageLabs intercepted more than 32 million infected email messages and 1 million of these were stopped in a single 24-hour period. SoBig.F was also estimated to have cost $1 billion in damages in lost business, productivity and clean-up costs.

The cost of a rescue mission

The impact of an electronic attack can be small or large but measuring the full extent of the damage can be difficult. How does one measure the intangibles such as loss of credibility, dissatisfied staff or loss of business continuity? When your system goes down, how do you measure loss of productivity?

What businesses commonly measure is the extent to which security incidents cause financial loss, how serious these losses are and how long they take to recover. AusCERT's Australian Computer Crime & Security Survey 2005 reveals how significant the interruption and clean-up costs for Australian organisations are following a security breach:

• In 2005 DoS attacks on data networks alone caused an average financial loss of $596,200 per organisation.
• Cleaning up after a virus on the data network totalled around $51,000 per organisation.

As global trends dictate, the growth in technology brings with it greater depth and breadth of attacks and an escalation of clean-up costs. For example, New York State Cyber Security and Critical Infrastructure Coordination recently monitored botnets used to send spam and discovered 2 million compromised computers. They estimated it would take 5763 man years and $600 billion to disinfect them all.

Predictions for 2006

Nearly 35 billion emails are sent from corporate email boxes every day (excluding spam and alerts) and Gartner forecasts growth at 25 to 30% by 2009. Online threats can be expected to increase with this growing trend in email use. Over the next six months, I believe that the IT security space will witness the following:

• A landmark court case involving email retrieval and management will increase awareness around compliance and corporate governance imperatives.
• The first VoIP threat will emerge, revealing new areas of vulnerability in this new technology. The most likely scenario is that VoIP will become a playground for a new breed of spammers in the realm of SPIT (spam for internet telephony), due to the associated low cost benefits of VoIP. Malware, eavesdropping and toll fraud also rate as top security threats.
• HTTP attacks, namely spyware, will increase massively. Spyware distributors will continue to use 'typo-squatting' of domains (eg, googkle.com) to host a mass of malicious software.
• The first widespread instant messaging (IM) attack will become apparent as the three main vendors - MSN, AIM and Yahoo! - begin to merge. Such a large network with common standards will have immediate appeal to criminals.
• Targeted attacks will increase in terms of sophistication and frequency as criminals increasingly realise financial gains.
• Low level targeted trojan attacks will increase as 'off the shelf' technology and automation is made available for new cyber-criminals.

Initiatives such as GetSafeOnline in the UK, StaySafeOnline in the US and NetAlert in Australia will assist in improving the security habits of users and businesses connected to the internet. Nonetheless, as user awareness grows, this will be matched by the increasing sophistication of the virus writers.

What does your parachute look like?

With the right security strategy in place, organisations can enjoy the full benefits that the internet and messaging technologies have to offer.

Businesses need to take a pragmatic approach whereby they quantify risk and decide on appropriate protection. Risk is defined as being the probability that a threat will take advantage of a vulnerability to produce a business impact. Threats cannot be controlled by businesses. What can be controlled are vulnerabilities so this is what a security solution can address.

With the vast majority of harmful attacks originating from outside the organisation gateway, traditional software and gateway solutions are only part of the answer. These solutions allow threats to enter the corporate network before they are addressed, creating an unnecessary window of vulnerability.

By adopting a multilayered approach to IT security, one that includes internet-level protection, organisations can stop spam, viruses, phishing and unwanted content before it enters their network. Internet level email filtering via a managed service frees up IT resources, reduces demand on bandwidth connectivity and increases productivity of end users. IT managers can create a scalable and flexible canvas for IT security strategy.

With the multitude of information and protection available in the marketplace today, combating new threats is not as bleak as it may seem. There is a parachute the right size and shape for every type of organisation - just don't be caught without the right one in place.

• Share this Article:
• digg this
• add to del.icio.us
• StumbleUpon
• RSS Feeds