The threat landscape continues to evolve. Malware is more sophisticated &, like real-world viruses, spreads & mutates rapidly.
The most insidious attacks use email & IM to distribute links to infected websites. This presents a growing danger: converged threats that can bypass traditional point defences.
Effective IT security needs to work seamlessly across email, web & IM protocols, sharing threat information & adapting quickly as new threats emerge.
Understand converged threats & equip your business to defeat them
WHITEPAPER
Converged threats, integrated defences
IT managers' perceptions of converged threats and what companies can do to protect themselves from the latest internet security problems.
www.messagelabs.com info@messagelabs.com
Converged threats, integrated defences
Viruses have a long and ignoble history. In 1971, they first struck computers attached to the ARPANET, the ancestor of today's internet [1]. By the late nineties, malware was causing significant problems. For example, the Melissa worm [2] jammed mail servers in 1999 and the ILOVEYOU worm caused billions of dollars of damage to computer systems around the world soon after.
Historically, malware attacked using a single internet protocol. It spread by email, attacked specific ports or known software vulnerabilities, infected websites or was embedded in seemingly innocent-looking files. This meant that companies could erect point defences in the firewall, mail server and on end users' PCs and be confident that they could stop the different types of attacks.
The problem today is that malware writers have a strong financial incentive. As a result, malware has become more sophisticated. Like real-world viruses, malware spreads and mutates rapidly. The most insidious attacks use multiple protocols. For example:
- An email contains a link to an infected website that installs a virus
- Spam messages install a tiny precursor virus that bootstraps the full payload over the internet
- Botnets use instant messaging (IM) to send links to malicious websites
- Hacked accounts on social networking sites send trusted (but actually malicious) messages containing malicious links
This presents a new and growing danger to businesses: malware that can bypass traditional point defences. To protect against these so-called 'converged threats', companies need security that spans different protocols. Because malware authors are so prolific, companies also need protection that learns and adapts quickly to new threats.
Point defences aren't enough
Attacks are much more common than people think. We asked 143 IT managers if their business or (to spare their blushes) another business they knew well had suffered a malware attack. Nearly half (47 percent) said 'yes'. HM Government research [3] found that 72 percent of large companies had suffered a security incident in the preceding year.
Imagine a typical company's IT security set-up. They have desktop anti-virus, a corporate firewall, regular updates plus signature-based anti-virus protection for their email server and a spam-filtering appliance. It looks like an IT manager has ticked all the boxes. Not so.
This configuration has some drawbacks: multiple servers per site, laborious updates and management. It means multiple vendors to manage with varying levels of support. However, the biggest problem is that this approach isn't secure any more.
[1] First virus and virus timeline: http://en.wikipedia.org/wiki/Timeline_of_notable_computer_viruses_and_worms
[2] Melissa: http://en.wikipedia.org/wiki/Melissa_%28computer_worm%29
[3] http://www.pwc.co.uk/pdf/BERR_2008_Executive_summary.pdf
Converged threats
Paul Wood, Senior Analyst at MessageLabs, explains that the malware threat has evolved. For example, web-hosted viruses are getting smarter. "They can tell what browser you're using and may try to target exploits in browser plugins," he says. For attacks via email or IM, the problem starts with a small 'dropper' that receives instructions to install something bigger and more dangerous. Since bad guys get paid for each installation, they are highly motivated. For example, explains Wood, "There are more than six million systems with Conficker [a computer worm] installed."
Spoofed emails with a web link, compromised websites and fraudulent instant messages are the most common ways for these new threats to spread. They exploit people's trust. A legitimate website can give them a virus. An email or instant message from a friend's hacked account can contain a link to malware. "People respond differently to messages from people they know," says Wood.
Traditional IT security struggles to cope with these new threats. Email scanners have to check websites to make sure that links aren't malicious. Spoofed messages from friends might bypa...