The Impact of Messaging and Web Threats

The Impact of Messaging and Web Threats
!
An Osterman Research White Paper
Published March 2008
SPONSORED BY
!
!
Osterman Research, Inc. . P.O. Box 1058 . Black Diamond, Washington 98010-1058Phone: +1 253 630 5839 . Fax: +1 866 842 3274 . info@ostermanresearch.com . www.ostermanresearch.com The Impact of Messaging and Web Threats
Messaging Security is Becoming More Difficult
THE IMPORTANCE OF ELECTRONIC COMMUNICATION Email is the most critical communication tool in the workplace, as evidenced by these results from a February 2008 report published by Osterman Research: . The average user in an organization of up to 1,000 employees sends and receives 124 emails on a typical workday; the average user in a larger organization sends and receives 149 emails each day. . Considering all of the Because email is so critical, communication that employees and because other send during a typical day - email, letters, instant messages, blog posts, communication tools are wiki postings, etc. - email accounts for 74% of the total. becoming more widely used, attacks directed . Fifty-eight percent of email users report that email is critical in against these capabilities helping them to get their work done, while another 35% believe threaten the very ability of that email is important in this individuals and companies regard. to communicate or protect Because email is so critical, and their sensitive data. because other communication tools - instant messaging, wikis, blogs, VoIP, collaboration tools and other capabilities - are becoming more widely used, attacks directed against these capabilities threaten the very ability of individuals and companies to communicate or protect their sensitive data. THE HISTORY OF MESSAGING THREATS Messaging-focused attacks have a long and varied history: . The first record of email spam dates back as far as 1978, although the recent history of the spam "problem" actually began somewhere around early 2002. In January 2002, for example, spam represented about one in six emails sent over the Internet; by early 2008, spam represents roughly 90% of all email. . Although viruses have been around since the early 1980s, email-borne viruses came into their own with the Melissa virus in 1999 that used a victim's Outlook address book to propagate. As of early 2008, viruses can be found in one out of roughly every 105 emails sent across the Internet. While still prevalent, email-borne viruses have largely taken a back seat to coordinated attacks using spam in combination with links to malicious web sites that contain viruses and other malware. Viruses are now linked with spam in a vicious circle.
©2008 Osterman Research, Inc. 1 The Impact of Messaging and Web Threats
. Phishing attacks, in which fraudulent emails purport to come from a financial institution or other trusted sources, attempt to fool recipients into revealing sensitive information like bank account numbers, credit card numbers, login IDs, passwords or other information. The first known phishing attempts began in late 2003. . Instant messaging threats and related attacks against real-time protocols have been a serious and growing problem since 2004 and the situation is getting worse, largely because of the widespread use of consumer instant messaging clients in the workplace. . Web-based threats are a growing problem because of the large and growing number of Web sites and Web hosts that contain malicious content, such as keyloggers, adware, backdoor Trojans, password-stealing Trojans and the like. SPAMMERS AND HACKERS ARE MOTIVATED BY PROFIT While early spammers, virus developers and hackers were motivated primarily by notoriety and the challenge of spreading their wares; modern-day attacks are motivated primarily by profit. Spammers, for example, can earn significant amounts of money by selling products marketed through spam - such as stock "pump-and-dump" schemes - or by directing people to advertising-laden sites on which they earn a commission for clickthroughs. Virus writers, phishers, developers of keystroke loggers and others can make money the old-fashioned way - by stealing it from bank accounts or via fraudulent credit card transactions. The profit motive has dramatically exacerbated the threats faced by messaging and Web users. Because significant profits are available to spammers, phishers and others, many people... [download for more]