Slyck Chatbox - And More

IM/P2P Security Threats against Corporate Networks Rise

Discuss Slyck's latest news
Forum rules

IM/P2P Security Threats against Corporate Networks Rise

Postby SlyckTom » Tue Apr 05, 2005 12:15 pm

On March 24, 2005, Slyck <a href= target=_blank>reported</a> that a large majority of corporate networks – a stunning 49% - had no security policy with regards to the use of P2P or IM (Instant Messaging) programs. Unregulated use of either networking programs by the computer unsavvy can lead to a wide array of problems, including confrontations with the copyright industry, spyware and adware infestation.

Compounding this issue is two new reports from security firms <a href= target=_blank>IMlogic</a> and <a href= target=_blank>Akonix Systems</a> that state the number of attacks has grown dramatically over the last year.

Although the research was conducted independently, the results are comparable. IMlogic found the number of threats against IM and P2P networks via viruses, worms, spam over IM/malware and phishing rose by 250% from one year ago. Similarly, Akonix Systems witness a more than 400% increase in the number of threats against P2P and IM networks in the same amount of time.

According to IMlogic, administrators reported an 271% increase in the amount of attacks against their corporate networks.

“Since the start of 2005, IM networks have been on the receiving end of an unprecedented barrage of security attacks," said Francis Costello, chief marketing officer at Akonix Systems. "Virus writers, hackers and scammers are becoming more sophisticated in their approach to vulnerable, insecure IM clients and networks, distributing not just viruses and malware, but putting together blended attacks and phishing scams. Unmanaged and unauthorized use of IM within enterprise networks presents an increasingly serious threat to corporate security."

Interestingly, IMlogic found that 75% of all attacks against IM networks were against the MSN Messenger client, Windows Messenger client and the MSN Network. Only 11% of reported incidents were against the AOL IM client, the AOL IM Network and the ICQ Network.

The unauthorized use of P2P and IM clients in the work place has proven costly to corporate networks over the last several years. With employees improperly utilizing the software, networks are exposed to shared hard drives and costly spyware infiltration. While simply banning P2P clients in the workplace can easily control file-sharing vulnerabilities, this is not necessarily the case with IM clients. Since IM clients have a growing use in the workplace, the vulnerabilities corporate networks face are not likely to disappear any time soon. From IMlogic's report:

“IM uses a real-time protocol, which enables the rapid proliferation of IM malware, making detection, quarantine, and response a challenge for corporate environments. Given the centralized topology of IM networks, IM worms have an immediate transport mechanism to vulnerable hosts and spread rapidly across public and private networks. Enterprise customers of IMlogic report that IM worms can infect the majority of vulnerable machines in corporate environments without specific IT policy or IT security in place to protect against IM and P2P threats. The IMlogic Threat Center expects that IM attacks will continue to spread rapidly given the real-time nature of the transport protocol and the lack of IT network security for real-time protection and quarantine.”
Follow us on Twitter @SlyckDotCom
Join our Facebook Fan page
Posts: 5713
Joined: Fri Jul 26, 2002 7:22 pm
Location: New York City

Postby Bizzare » Tue Apr 05, 2005 1:12 pm

Nice article.. I've been preaching this for months..

"Interestingly, IMlogic found that 75% of all attacks against IM networks were against the MSN Messenger client, Windows Messenger client and the MSN Network"

That's not interesting.. MSN is commonly used in almost all default winblowz boxes, easy to install, and has more holes than a necrophiliacs last cadaver :twisted:
One Armed Against Nine Killers
Posts: 187
Joined: Thu Jun 17, 2004 5:11 pm
Location: I was born down in a briar patch..

Postby tarp404 » Tue Apr 05, 2005 4:46 pm

The real problem is these corporations are running Windows, which is inherently insecure.
User avatar
Posts: 375
Joined: Sun Feb 20, 2005 4:31 pm

Postby Califax » Tue Apr 05, 2005 4:54 pm

tarp404 wrote:The real problem is these corporations are running Windows, which is inherently insecure.

User avatar
Posts: 458
Joined: Fri Oct 01, 2004 11:35 pm

Postby mpfenton » Tue Apr 05, 2005 5:41 pm

What? Nothing about IRC?
Posts: 619
Joined: Tue Apr 06, 2004 4:59 pm

Postby thejynxed » Tue Apr 05, 2005 10:31 pm

The IRC protocol is blocked by default setup in alot of enterpise level firewalls (CISCO hardware firewalls, etc all block IRC out-of-the-box). The reason Windows Messenger service is not blocked is because in alot of corporate networks, that is how network admins send messages to end users saying "We are sending patches to your computers now, please wait." It's just a big pond with alot of fat fish waiting for the illegal poachers (blackhat crackers/criminal organizations) to come snatch them out of the water.

It is true that Windows is rather poor security-wise, but at the moment you just can't tell corporate entities to suddenly jump ship to Linux or BSD either. The applications they need to use simply aren't there to use on the Linux platform, and to be quite honest, I don't see corporations having their IT departments rushing out spending tons of cash to reprogram all of their vital apps to work on Linux in the near future.

There is also the problem of there being rather few support avenues for corporate entities when it comes to Linux. Sure, you have Fedora by Red Hat and SuSE from Novell, but I can't think of any other distro providers right off hand offering corporations paid support contracts. We are also talking about organizations that are still using 30 year old machines and software in some places on their networks.

Don't get me wrong, change will come, but it will come slowly. If Linux wants to get more of a real share of the corporate market, it needs to gear itself more towards the corporate entity (which Microsoft has done rather well), and not just to the /. crowd or other such "techie" groups. I forsee this happening however, and one just has to keep an eye on the more recent editions of Fedora, Mandrake, SuSE, etc to see this in action.

Disclaimer: No penguins were harmed in the creation of this post.
"FlickR is supposed to be weird, fun, experimental, way out-there -- oh no, wait, now that it's so close to being part of Microsoft, FlickR's supposed to bore people to death and empty their pockets while pretending to innovate." - Bruce Sterling
Posts: 1953
Joined: Mon Sep 06, 2004 12:22 pm
Location: In a Galaxy Far, Far Away....

Return to Slyck News

Who is online

Users browsing this forum: No registered users and 0 guests

© 2001-2008