Messaging News - August 2008 - (Page 22) T he promise of the World Wide Web led to its skyrocketing popularity as a business tool for e-commerce, communications, information gathering and social networking. Unfortunately the Web has also been recognized and capitalized upon by mischief-makers to downright criminals. While email still has the highest count of malware threats, Web related threats are steadily climbing, with blended Web and email threats commonplace. In its security report reviewing the first half of 2008, Sophos noted, “One of the reasons the Web is so popular enterprises and governmental agencies. Cybercriminals operate their profitable businesses utilizing easy-to-use sophisticated attacks while focusing on the management side of stolen data handling.” BenItzhak notes that this makes detection difficult and puts all organizations using the Web at risk. “The damage that successful Crimeware attacks inflict is widespread and long-lasting. It can result in loss of valuable data, loss of IP, loss of productivity, impact on profits or stock price, brand damage, law suits, class actions and repercussions for not companies have to change the way they view security.” Organizations should look closely at their security practices to be sure they are adequately protected. But there are other threats to be wary of. Social Networks Sophos’ security report explains how social networking Web sites, like Facebook, MySpace, Bebo and other Web 2.0 sites, have exploded in popularity in the last few years—a trend that has not gone unnoticed by cybercriminals. The company reports that computer users, used Social N Bloggi with attackers is that innocent sites can be compromised and used to infect large numbers of victims. However, it is not just the unsuspecting visitor who is the victim—the owner of the Web site also suffers.” Yuval Ben-Itzhak, chief technology officer for Finjan believes the days of a one-scheme fits all approach are long gone, and that the sophistication of today’s attacks will only continue. “Profit-driven Cybercrime has evolved into a booming cybercrime business, operating in a major shadow economy that closely mimics the real business world,” he says. “Money keeps driving the growth of targeted attacks against financial institutions, 22 MESSAGING NEWS AUGUST 2008 complying with various rules and regulations, such as SOX, HIPAA, PCI DSS 1.1, GLB Act, and FISMA.” Most all agree that the Web has opened unintended doors. Andrew Graydon, chief technology officer for BorderWare Technologies, acknowledges, “Gone are the days when email alone can be blamed for the propagation of viruses, Trojans, worms and other forms of malicious code. Email is not without blame, as Web pages have to be visited for any attempted exploit to be called, and email is the most common method to drive traffic to these Web sites. This scenario can easily be described as ‘email is the invitation and Web is the infection’. Due to this growing trend, to an onslaught of unsolicited email in their inbox, appear to be less cautious when messages arrive via other routes, such as instant messaging or Facebook. “Spammers are finding themselves increasingly obstructed by corporate anti-spam defenses at the email gateway. In a nutshell—we’re stopping the bad guys getting their marketing message in front of their intended audience,” says Graham Cluley, senior technology consultant for Sophos. “To get around this, we are seeing spammers exploiting networks like Facebook to plant spam messages on other peoples’ profiles—these don’t just get read by the owner of the profile, but anyone else visiting his or her page.”
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.