THE IMPORTANCE OF ELECTRONIC COMMUNICATION

Email is the most critical communication tool in the workplace, as evidenced by these results from a February 2008 report published by Osterman Research:

- The average user in an organization of up to 1,000 employees sends and receives 124 emails on a typical workday; the average user in a larger organization sends and receives 149 emails each day.
- Considering all of the communication that employees send during a typical day – email, letters, instant messages, blog posts, wiki postings, etc. – email accounts for 74% of the total volume of content sent.
- 58% of email users report that email is critical in helping them to get their work done, while another 35% believe that email is important.

Because email is so critical, and because other communication tools – instant messaging, wikis, blogs, VoIP, collaboration tools and other capabilities – are becoming more widely used, attacks directed against these channels threaten the very ability of individuals and companies to communicate or protect their sensitive data.

SPAMMERS AND HACKERS ARE MOTIVATED BY PROFIT

While early spammers, virus developers and hackers were motivated primarily by notoriety and the challenge of spreading their wares, modern-day attacks are motivated mostly by profit. Spammers, for example, can earn significant amounts of money by selling products marketed through spam – such as stock “pump-and-dump” schemes – or by directing people to advertising-laden sites on which they earn a commission for clickthroughs. Virus writers, phishers, developers of keystroke loggers and others can make money by stealing it from bank accounts or via fraudulent credit card transactions, or they can simply sell this account information to others. The profit motive has dramatically exacerbated the threats faced by messaging and Web users.
Because significant profits are available to spammers, phishers, criminal networks and others, many people have been attracted to this “market”. Further, because profits from malicious activities are substantial, they can be used to fund newer and better methods for circumventing defenses against their attacks.

BOTNETS ARE A CRITICAL PROBLEM

In the past, spammers sent large numbers of messages from a small number of sources that were fairly easy to identify and block. More recently, however, spammers have created botnets that consist of millions of ‘zombie’ computers – computers in homes and the workplace that are infected with a virus, worm or Trojan that permits them to be controlled by a remote entity. According to Commtouch, more than 85% of spam messages and nearly 100% of malware messages are sent from zombie machines. As of early 2008, Google Message Security had tracked a 62% increase in the daily number of unique IP addresses that are blocked by its network compared to early 2007. This is a clear indication of the growth of botnets.

Spammers can rent botnets for content-distribution campaigns. Using botnets, a small number of messages can be sent from each of thousands of computers, effectively hiding each zombie from detection by ISPs or network administrators using conventional tools.

Botnets are a critical problem not only because they are responsible for the vast majority of spam sent across the Internet today, but also because they are used for a wide range of purposes beyond just spam delivery. These include hosting malware sites, perpetrating distributed denial-of-service attacks, click fraud and credit card fraud. Botnets can be hard to detect and hard to remove.
WEB-BASED THREATS ARE A SERIOUS PROBLEM, AS WELL

There has been a huge increase in malicious Web-borne content, including email messages that contain links to dangerous Web sites, attachments that are little more than stage-one downloaders of other malicious code from the Web, malware that installs and opens a communication channel to the attacking source, and other exploits. Typically, these malware sites succeed in creating more zombie bots that keep feeding the vicious cycle of spam and viruses.

Spam and Web-based threats are being used together increasingly in coordinated attacks. For example, Google has identified more than three million unique URLs on more than 180,000 Web sites that automatically install malware on visitors’ machines – spam often is used to drive traffic to these sites simply for the purpose of installing malware for later use.

Further, Web 2.0 Web sites that include dynamic content, such as complex mashups that change continually, make it difficult to accurately determine whether a particular site is safe or risky at any point in time. This makes the need for real-time assessments and reputation more critical than ever before.