News

IM Attacks on the Rise

Just because you've deployed an enterprise-grade instant messaging (IM) solution from a well-known vendor, doesn't mean you've mitigated -- let alone completely licked -- the threat posed by rogue, unsanctioned or illicit IM use in your enterprise environment.

Consider recent research from policy and risk management specialist Akonix Systems Inc., which tracked more than 20 new IM attacks last month, a sharp rise (more than 160 percent) from March.

Akonix is interested in such statistics because it markets a line of products (including several appliances) that are designed to specifically counteract IM-based attacks. As the increase shows, it's has been a busy month where IM attacks are concerned. As late as April 30, for example, security researchers identified three new IM threats, including a Trojan attack (dubbed Flocker.A) that affects Symbian mobile phones.

The Symbian attack highlights the increasing sophistication and complexity of IM attackers: They're no longer targeting specifically Win32 platforms. With a growing number of IMers using non-traditional platforms (e.g., mobile phones, iPod Touches), IT organizations must work overtime to cover all their bases.

Aknonix also tracked an uptick in attacks against peer-to-peer (P2P) networks, a category that includes popular sharing services such as Kazaa and eDonkey; P2P attacks were up 13 percent in April compared to March, according to Akonix.

Akonix researchers say the rise is due, in part, to enterprise IM use, particularly because unified communications (UC) efforts are also on the rise. Organizations are increasingly deploying next-gen IM and UC platforms, in some cases without adequately testing -- let alone hardening -- these systems against outside attacks.

The result, Akonix officials claim, is a feeding frenzy for attackers.

"With this month's spike in IM attacks, hackers are continuing to penetrate companies as they roll out instant messaging and unified communications platforms for the new year," said Don Montgomery, VP of marketing at Akonix, in a statement. "Enterprises need to realize that implementing new communication and collaboration tools increases the risk of attack as each new application becomes a new vector for infection."

Last month's increase in IM-related attacks is part of a larger trend. Aknonix also flagged an escalation in IM attacks in February, for example, as well as a sharp year-over-year rise for all of 2007. Last year, for example, researchers discovered 346 new IM-related attacks -- nearly one per day. To put it into perspective, that's more than the number of reported vulnerabilities for major operating systems platforms such as Windows XP, Windows Server 2003 or even Mac OS.

It isn't as if the stakes aren't already high enough, either. Last year, for example, a security consultant was sentenced to nearly 60 years in prison and fined $1.75 million for using IM botnets to hijack PayPal accounts.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.