Threats against instant messaging (IM) programs surged dramatically last year and bigger attacks are likely in 2006. But it'll probably be some time before IT shops implement adequate defenses.
That assessment comes from Waltham, Mass.-based IMlogic Inc. and San Diego-based Akonix Systems Inc. The vendors, both of which focus on selling IM security products, released reports last month showing that IM-related security incidents in 2005 skyrocketed versus the year before. In the case of a survey conducted by Akonix, many IT administrators acknowledged they haven't thought much about such threats. Instead, they're focusing primarily on e-mail threats.
"IT departments have spent a lot of money on security. They've hardened the castle walls but left the drawbridge open with IM," said Art Gilliland, VP of products for IMlogic. "The big problem is that IM is user-deployed." In most cases, Gilliland added, it's actually like a hidden form of communication. A lot of IT professionals may not know the extent to which it's used in their organizations.
A 1,700% increase in security incidents
IMlogic recently released two new reports -- one a review of the 2005 threat landscape; the other a look at the top five IM security risks for 2006. The reports cite an almost 1,700% increase in reported incidents in 2005, compared to all reported incidents in 2004. IMlogic, which is being acquired by AV giant Symantec Corp., said that included a dramatic increase in the depth and breadth of real-time security attacks, including viruses, worms, spam over IM (SPIM) and phishing attacks.
Also last year, the IMlogic Threat Center found:
- 2,403 unique IM and P2P threats, including IM-specific attacks and blended threats targeting IM and P2P applications
- 90% of IM-related security attacks included worm propagation; 9% delivered viruses; 1% of reported incidents exploited known client vulnerabilities or exploits
- 57% of incidents targeted MSN Messenger, Windows Messenger and the MSN network
- 34% of incidents targeted AOL Instant Messenger, the AOL Instant Messenger network, ICQ and the ICQ network
- 9% of incidents targeted Yahoo! Messenger and the Yahoo! Messenger network
A breakdown by individual product is included in the report.
The document also showed the growing sophistication of real-time threats. The first talking, "intelligent" worm was identified (IM.Myspace04.AIM) in 2005, the report said, adding, "The worm not only broadcast malicious messages to other users of IM, but also interacted with potential victims without the infected user being aware of an attempt to dupe potential victims into activating the worm on their local machine."
The year also saw a dramatic spike in the number of mutating attacks, including significant mutations on all the major consumer IM networks. "With 140 total mutations and detection on all the major IM networks, the Kelvir worm was the leader in IM threat mutations, followed by Bropia with 29 mutations and Opanki with 26 mutations," the report said.
A look at the year ahead
For 2006, IMlogic predicts:
Akonix worried about IM apathy
IMlogic's assessment that IM threats are getting worse is shared by Akonix, which recently surveyed more than 100 organizations and found that IM threats aren't on the radar screen for most of them. Only 11% reported having IM security tools in place, compared to 73% who use e-mail security programs. Incredibly, the company said, almost 50% of respondents replied that "an IM hygiene solution never crossed my mind."
"This huge gap between the security applied to e-mail and that applied to IM is particularly alarming, since 47% of respondents indicated that the e-mail/messaging organization has responsibility for securing both e-mail and instant messaging," Akonix said in a statement. "The results show that many corporate information technology organizations have left gaping holes in the defense of their networks and systems by failing to address new threats in a timely fashion."
Akonix also observed a steep rise in IM threats last year. For example, its security team tracked 62 IM-based attacks in November, a 226% increase over the previous month, the company said.
"The astonishing conclusion of these survey results is that organizations have spent millions of dollars and man hours securing their e-mail systems, but have barely begun to address the rapidly growing threat of virus, worm or malicious code attack through employee use of instant messaging," Don Montgomery, Akonix's vice president of marketing, said in the statement. "As the most rapidly adopted communications medium in history, IM has already become an indispensable business tool. Our research shows, however, that the security protection of IM is not keeping up with its adoption."
Advice for IT administrators
IT shops aren't helpless against the IM threat, Gilliland said. But at this point it's hard for enterprises to strike a balance between productive IM use and transmissions that should be blocked.
"If the objective is to block all IM use, you can block it through firewall configurations," he said. "Some companies do that. The challenge is that it's not necessarily easy. And you are stopping all the productive use of IM."
For IT managers who want to get a better handle on IM use in their company, Gilliland said a good starting point is for them to know what their business objectives are and see where IM fits in. Then they should adopt an infrastructure to manage it. Not surprisingly, he used his company's IMlogic IM Manager as an example.
"Our system sits in the data center and captures all IM traffic," he said. "You can turn it on or off, map users to their corporate credentials, which allows you to enforce policies by department, and you can decide for yourself that one department can use IM, others can't, or everyone can use it but they can't do file transfers."
This article originally appeared on SearchSecurity.com.