IMlogic Threat Center Releases Reports: ''2005 Real-Time Communications Security: The Year in Review'' and ''Top 5 IM Security Risks for 2006''.WALTHAM, Mass. -- 2006 poses significant challenges to organizations trying to protect themselves against next generation IM and real-time communications security See COMSEC. attacks The IMlogic Threat Center, the industry's first global consortium to provide threat detection and protection for instant messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or (IM), peer-to-peer (P2P See peer-to-peer and point-to-point. ), and other real-time communication (RTC See real time clock. ) applications, today released two new reports entitled, "2005 Real-Time Communications Security: The Year in Review" and "Top 5 Instant Messaging Security Risks for 2006." These reports cite an almost 1,700 percent increase during 2005 of reported incidents compared to all of 2004, including a dramatic increase in the depth and breadth of real-time security attacks that include viruses, worms, spam over IM (SPIM (SPam Instant Messaging) Unsolicited advertising appearing in instant messages. SPIM is even more annoying than spam. Unlike e-mail ads, which can often be relegated to a junk folder in the user's e-mail program, a SPIM ad pops up on screen whenever it is sent. )/malware and phishing attacks. The "2005 Real-Time Communications Security: The Year in Review" report provides complete data, analysis and discussion of key trends for 2005. Key data points in the report include: --1,693 percent increase in reported incidents of new real-time security threats; --2,403 unique IM and P2P threats, including IM-specific attacks and blended threats which target IM and P2P applications; --90 percent of IM-related security attacks include worm propagation; nine percent are known to deliver viruses; and one percent of reported incidents utilize known client vulnerabilities or exploits; --57 percent of reported incidents over IM networks targeted the MSN Messenger Microsoft's instant messaging (IM) service, which provides text messaging and voice calling. Part of the MSN Network, MSN Messenger clients are available for non-XP versions of Windows, Mac, Pocket PC and MSN TV. For Windows XP, the IM client is Windows Messenger. Client, Windows Messenger The instant messaging (IM) client in Windows XP. Windows Messenger is the XP counterpart to MSN Messenger, both of which have been upgraded to Windows Live Messenger. Organizations can use the instant messaging capabilities in Microsoft Exchange to set up a private IM system. Client and MSN (1) (MicroSoft Network) A family of Internet-based services from Microsoft, which includes a search engine, e-mail (Hotmail), instant messaging (Windows Live Messaging) and a general-purpose portal with news, information and shopping (MSN Directory). Network; --34 percent of reported incidents over IM networks targeted the AOL Instant Messenger See AIM. Client, AOL Instant Messenger Network, ICQ ("I Seek You") A conferencing program for the Internet from Mirabilis, Tel Aviv, Israel (www.icq.com). It provides interactive chat, e-mail and file transfer and can alert you when someone on your predefined list has also come online. Client and ICQ Network; --Nine percent of reported incidents over IM networks targeted the Yahoo! Messenger Yahoo!'s instant messaging (IM) service, which includes text messaging, voice calling and file sharing. The IM client includes Internet radio and the regular phone calling at rates as low as one cent per minute. Starting with Version 8. Client and Yahoo! Messenger Network. The report also highlights a dramatic increase in the overall sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. of real-time communications security threats, with the following highlights from 2005: --The first talking, "intelligent" worm was identified (IM.Myspace04.AIM) in 2005. This worm not only broadcast malicious messages to other users of IM but also interacted with potential victims without the infected user being aware of an attempt to dupe potential victims into activating the worm on their local machine. --2005 saw a dramatic increase in the number of mutating attacks, including significant mutations on all the major consumer IM networks. With 140 total mutations and detection on all the major IM networks, the Kelvir worm was the leader in IM threat mutations, followed by Bropia with 29 mutations and Opanki with 26 mutations. --Rootkit technologies became one of the mechanisms attackers leveraged to hide their malicious code and malware on infected machines. These types of attacks not only hide the infection from the user but also disable local antivirus security software, change critical operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. files and gain complete access to potentially sensitive information on the host machine. --2005 also saw attackers using worms that took advantage of multi-stacked clients (for example, Windows Messenger) and worms that included support for multiple languages to enable threats to more easily traverse geographic and regional boundaries, increasing the likelihood of IM-related threats causing significant disruption and damage inside enterprise IT domains. "In 2005 we saw a steady increase in the threat volume and hacker sophistication of real-time communications security attacks," said IMlogic Chief Technology Officer Jon Sakoda. "As we enter 2006, these threats will continue to increase in sophistication and agility and will result in increased intellectual property loss, increased IT support costs and other cyber crimes." IMlogic Threat Center Forecasts Continued Growth in IM-Borne Attacks and Releases Top 5 IM Security Risks for 2006 Trend analysis provided in the "IMlogic Top 5 Instant Messaging Security Risks for 2006" report suggests IM and other real-time communications-borne attacks will continue to increase as attackers capitalize on Cap´i`tal`ize on` v. t. 1. To turn (an opportunity) to one's advantage; to take advantage of (a situation); to profit from; as, to capitalize on an opponent's mistakes s>. the growing popularity of these technologies in both consumer and corporate environments. The IMlogic Threat Center encourages organizations to take the appropriate measures to protect their end-users against these attacks by implementing real-time security and management protections, keeping operating system patches and anti-virus software anti-virus software n → Antivirensoftware f up to date, and educating end-users on the risks associated with communications over IM and related channels. The "IMlogic Top 5 Instant Messaging Security Risks for 2006" report includes: 1. Network interoperability and continued IM adoption will accelerate the volume of IM threats: Forecasted growth of both consumer and enterprise IM combined with the increasingly connected nature of disparate IM systems will lay the groundwork for large-scale IM attacks that reach across disparate networks. 2. Expanded IM functionality will increase the number of attack vectors: The convergence of IM, VoIP, virtual conferencing and other real-time communication capabilities will provide new opportunities for the propagation of sophisticated IM attacks. 3. More sophisticated and even "intelligent" worms will increase infection rates: The increasing complexity and agility of IM threats will result in attacks being less likely to be immediately detected by an end-user making these types of attacks more dangerous and costly. 4. Instant messaging will continue to attract cyber-criminals: Cyber-criminals will increasingly be drawn to IM because of its proven ability to efficiently deliver malicious payloads via social engineering tactics. 5. Intellectual property leaks from internal threats will drive financial loss: Intellectual property loss will come to the forefront as IT and security organizations begin monitoring file transfer usage more closely as part of established corporate IM communications policies. Launched with the support of Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. leaders Symantec, Sybari, and McAfee, and global instant messaging leaders America Online See AOL. , Microsoft and Yahoo!, the IMlogic Threat Center is the most comprehensive knowledge base for known IM and P2P vulnerabilities and provides rapid response and guidance for protection against newly detected threats. The "2006 Real-Time Communications Security Threat Report" and the "Top 5 Instant Messaging Security Risks for 2006" are available free of charge by visiting the IMlogic Threat Center at http://www.imlogic.com/im_threat_center/index.asp. About the IMlogic Threat Center The IMlogic Threat Center is the first operation to provide detection, analysis, alert, and protection from harmful IM and P2P threats including IM-borne viruses, worms, SPIM, and malicious code. Launched with the support of Internet security leaders Symantec, Sybari, and McAfee, and global instant messaging leaders America Online, Microsoft and Yahoo!, the IMlogic Threat Center is the comprehensive knowledge base for known IM and P2P vulnerabilities and provides rapid response and guidance for protection against newly detected threats. About IMlogic, Inc. IMlogic, Inc. is the market leader in enterprise software for managing and securing instant messaging; the world's fastest growing communications medium of all time. The largest Fortune 1000 companies across the financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. , energy, healthcare, government, media, telecommunications, technology, and manufacturing industries depend on IMlogic to manage, control and secure corporate IM usage, while satisfying compliance requirements associated with real-time electronic communications. For more information on IMlogic call 877-IMlogic or visit www.imlogic.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion