IronPort Systems, a Cisco business unit and a
leading provider of enterprise spam, virus and spyware protection, today
announced the availability of its 2008 Internet Security Trends Report. The
IronPort report highlights the key security trends of today and suggests
ways to defend against the sophisticated new generation of Internet threats
certain to arise in the future.
Amateur Hour is Over
“2007 marks a turning point. Just when malware design seemed to have
reached a plateau, new attack techniques have burst forth, some so complex
– and obviously not the work of novices — they could have only been
designed by means of sophisticated research and development,” said Tom
Gillis, Vice President of Marketing for IronPort. “For a time, security
controls designed to manage malware were working. But, as a result of this
success, the threats they protected against were forced to change. In 2007,
many of these threats underwent significant adaptation. Malware went
stealth, and its sophistication increased.
Information is the New World Currency
Spam, virus and malware attacks are costly. The average user spends 5-10
minutes a day dealing with spam. Clean up cost are estimated at $500 per
desktop. Even more costly is data loss. Whether it’s a malicious attempt,
or an inadvertent mistake, data loss can diminish a company’s brand, reduce
shareholder value, and damage goodwill and reputation. Electronic
communications and data in motion is the most significant data loss vector
in the enterprise today. Current firewall and other network security
solutions do not include data loss prevention capabilities to secure data
in motion. Important controls, such as content scanning, blocking of
communications containing sensitive data and encryption, are missing. An
estimated 60 million people have had data about themselves exposed over the
past 13 months, and there has been an estimated 20 Billion dollars spend in
clean-up costs and lost productivity worldwide. As much as 60 percent of
corporate data resides on unprotected PC desktops and laptops. In addition,
48 percent of organizations do not have a policy for notifying customers
when their private data may be at risk.
Looking Ahead: Social Malware
Modern malware borrows characteristics from the social networking and
collaboration sites associated with Web 2.0. Today’s malware (like the
“Storm” Trojan) is collaborative, adaptive, peer-to-peer and intelligent.
It flies under the radar — living on enterprise or residential PCs for
months, or years, without detection. The new variants of Trojans and
malware will be increasingly targeted and short lived. This makes them even
harder to detect. The old attitude of “what I can’t see won’t hurt me” is
no longer valid. Corporations are under increasing pressure to ensure the
integrity of their sensitive information — be it credit card numbers,
corporate earnings information or new product plans. Malware writers are
building sophisticated peer-to-peer networks that are designed to harvest
this data, and at the same time are harder and harder to detect and stop.
IT security teams need to take steps to measure malware traffic in their
network and deploy a comprehensive security system that includes advanced
techniques such as network based threat detection and network access
control.
Additional Findings and Statistics
The overall trends in spam and malware can be characterized by a larger
number of more targeted, stealthy and sophisticated attacks. Specific
observations include:
-- Spam volume increased 100 percent, to more than 120 billion spam
messages daily. That's about 20 spam messages per day for every person on
the planet. IronPort measurements have shown that enterprise users get
anywhere from 100 to 1,000 spam messages per day.
-- Spam has become less focused on selling product, and more focused on
growing spam networks. Earlier versions of spam attacks were primarily
selling some type of product (pharmaceuticals, low interest mortgages,
etc.). However, today's spam includes an increasing amount of links that
point to websites distributing malware. This malware is often designed to
further extend the size and scale of the botnet that originated the spam in
the first place. During 2007, IronPort's Threat Operations Center measured
a 253 percent increase in "dirty spam" (spam containing links that pointed
to known malware sites). This is further evidence of the trend that malware
writers are using both email and Web technologies blended together to
propagate threats.
-- Viruses are less visible, but increasing in number. Virus writers have
evolved from the previous mass distribution attacks, such as "Netsky" and
"Bagel." In 2007, viruses where much more polymorphic and typically
associated with the proliferation of very sophisticated botnets, such as
"Feebs" and "Storm." In one week alone, the IronPort Threat Operation
Center detected more than six variants of the Feebs virus, each of which
began spreading exponentially before signatures could be created.
-- The duration of a particular attack technique decreased substantially.
In previous years, spammers would employ a typical technique, such as the
use of embedded images, for months. More recent techniques, such as MP3
spam, lasted only three days. But there are more of these smaller attacks.
Where as in 2006 image spam was the primary new technique, 2007 saw more
than 20 different attachment types used in a variety of short-lived attack
techniques.
Information provided by: Findarticles.com
