IM Attacks on the Rise -- Redmond Channel Partner

IM Attacks on the Rise

By Stephen Swoyer
May 07, 2008

Just because you've deployed an enterprise-grade instant messaging (IM) solution from a well-known vendor, doesn't mean you've mitigated -- let alone completely licked -- the threat posed by rogue, unsanctioned or illicit IM use in your enterprise environment.

Consider recent research from policy and risk management specialist Akonix Systems Inc., which tracked more than 20 new IM attacks last month, a sharp rise (more than 160 percent) from March.

Akonix is interested in such statistics because it markets a line of products (including several appliances) that are designed to specifically counteract IM-based attacks. As the increase shows, it's has been a busy month where IM attacks are concerned. As late as April 30, for example, security researchers identified three new IM threats, including a Trojan attack (dubbed Flocker.A) that affects Symbian mobile phones.

The Symbian attack highlights the increasing sophistication and complexity of IM attackers: They're no longer targeting specifically Win32 platforms. With a growing number of IMers using non-traditional platforms (e.g., mobile phones, iPod Touches), IT organizations must work overtime to cover all their bases.

Aknonix also tracked an uptick in attacks against peer-to-peer (P2P) networks, a category that includes popular sharing services such as Kazaa and eDonkey; P2P attacks were up 13 percent in April compared to March, according to Akonix.

Akonix researchers say the rise is due, in part, to enterprise IM use, particularly because unified communications (UC) efforts are also on the rise. Organizations are increasingly deploying next-gen IM and UC platforms, in some cases without adequately testing -- let alone hardening -- these systems against outside attacks.

The result, Akonix officials claim, is a feeding frenzy for attackers.

"With this month's spike in IM attacks, hackers are continuing to penetrate companies as they roll out instant messaging and unified communications platforms for the new year," said Don Montgomery, VP of marketing at Akonix, in a statement. "Enterprises need to realize that implementing new communication and collaboration tools increases the risk of attack as each new application becomes a new vector for infection."

Last month's increase in IM-related attacks is part of a larger trend. Aknonix also flagged an escalation in IM attacks in February, for example, as well as a sharp year-over-year rise for all of 2007. Last year, for example, researchers discovered 346 new IM-related attacks -- nearly one per day. To put it into perspective, that's more than the number of reported vulnerabilities for major operating systems platforms such as Windows XP, Windows Server 2003 or even Mac OS.

It isn't as if the stakes aren't already high enough, either. Last year, for example, a security consultant was sentenced to nearly 60 years in prison and fined $1.75 million for using IM botnets to hijack PayPal accounts.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Free Webcast! Learn about Password Management Best Practices

Featured

Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.
Microsoft Cuts Windows 11 Recovery Time with New Update

Microsoft has introduced two key enhancements to Windows 11 aimed at minimizing downtime and streamlining error resolution.
Microsoft Offers Support Extensions for Exchange 2016 and 2019

Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.
2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

IM Attacks on the Rise

Featured

Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

Microsoft Cuts Windows 11 Recovery Time with New Update

Microsoft Offers Support Extensions for Exchange 2016 and 2019

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Cuts Windows 11 Recovery Time with New Update

Dynamics 365, Power Platform and Copilot Getting AI Boosts in Wave 2 Update

Microsoft Offers Support Extensions for Exchange 2016 and 2019

Microsoft Shares Azure Revenue for First Time as Q4 2025 Earnings Beat Forecasts

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Cuts Windows 11 Recovery Time with New Update

Dynamics 365, Power Platform and Copilot Getting AI Boosts in Wave 2 Update

Microsoft Offers Support Extensions for Exchange 2016 and 2019

Microsoft Shares Azure Revenue for First Time as Q4 2025 Earnings Beat Forecasts

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | Stop Buying What You Already Own: The MSP's Guide to Microsoft 365 Optimization

Veeam Data Cloud for Microsoft 365

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlocking the power of Microsoft 365 management: A toolkit for MSP success

How MSPs can future-proof Microsoft 365 management with automation and security

The future of M365 management