Friday, September 12, 2008

Instant Messaging - new threat for a changeable communications scene

Instant Messaging (IM) has emerged as one of the most successful and widely deployed applications on the Internet. Unfortunately, this success has come at a heavy price, with IT attackers shifting their attention to IM, propagating IM-borne viruses, worms, spam over IM (SPIM), malware and phishing.

Alarmingly, despite its wide adoption and equally impressive security onslaughts, IM still remains generally unprotected in both consumer and enterprise environments, leaving it exceedingly vulnerable to attacks and exploits.

Gartner experts take it one step further, stating that IM has become an e-mail alternative for distributing viruses and other malware. At the same time, only 10% of organisations have formal IM policies in place, according to a 2007 Burton Group survey. And of those, only half secure the application. Many don’t even know whether employees are using IM.

Looking purely from an enterprise perspective, IM poses two key threats: it opens new vulnerabilities through which information can leak or be leaked, leading to user privacy concerns and the potential loss of intellectual property; and it creates invisible communications channels that operate below the radar of conventional information security measures, exposing the organisation to regulatory compliance breaches.

The reality is that IM has become a severe threat and requires considerable user awareness coupled with security solutions, both in the consumer and enterprise spaces, to ensure that it does not turn into a monster that we cannot control.

Here are some examples of just how sophisticated IM threats have become. We are now faced with threats such as a talking worm, which essentially imitates an IM user by engaging the end-user in a dialogue. Even more shocking is that many of these threats are multilingual, talking to the end-user in his or her native tongue.

Threats have also become more agile: they are able to cross from one network to another, and from public IM networks to internal IM servers. This is particularly relevant given the trend toward IM interoperability.

Also, threats are increasingly avoiding anti-virus identification through the rapid multiplication of their payload signature. Attackers are also using rootkit software to hide the processes, files, and registry keys of the software used in their attacks. The impact will not be detected as quickly by the end-user, which makes it even more dangerous.

The bottom line is, while organisations have invested significant resources and time in protecting e-mail and Web communications, they have failed to recognise that IM represents a new wave of security onslaughts that not only harms end-users but also impacts company intellectual property.

In order to put a stop to IM attacks, organisations and users have to implement appropriate security precautions and technology to secure their messaging communications.

In the enterprise space, these solutions should address the threats posed by phishing, malware and blended attacks, since IM is particularly susceptible to social engineering tricks. Additionally, IM’s real-time nature causes malware to spread rapidly.

Plus, in order to stop the leakage of intellectual property, companies should invest in tools that track, audit and even block certain IM conversations, while enforcing acceptable-use policies and complying with regulations and legal restrictions.

There are currently a number of comprehensive security options available catering to both individual users and enterprises. High-end products offer comprehensive solutions that address and mitigate the potential risks associated with the use of IM in the enterprise, while for individual users or smaller organisations, anti-virus and Internet security software suites include integrated IM security features.

IM security must enjoy the same priority as e-mail and Internet; it is a real threat that is creating a playground for attackers to exploit us when we are at our most vulnerable. Invest in a reputable security solution and apply due diligence, enforcing the same measures as you would in the case of suspicious-looking e-mails, attachments and Web sites.

Author: Tich Mugwara, Symantec security product manager at DCC
Source: http://www.computingsa.co.za/article.aspx?id=841434
