
Posts tagged - Spam

Monday, March 14, 2011

SPAM: Clogging your Internet arteries since at least 1994 — but perhaps no more?

By Jim Tiller, Vice President, Security Professional Services, North America, BT Global Services

SPAM, a constant fixture in the Internet, reached a feverish pitch around the turn of the century and represented the lion’s share of e-mail traffic around the world.  This situation continued for several years – until recently.  Based on a number of reports, at a time of year when SPAM is usually at its annual zenith, there has been a significant decline in SPAM volume.  While this has baffled some and many see it as an anomaly, it can also be seen as an indicator of a change in the threat spectrum.

E-mail is a universal method of Internet communication, but with the proliferation of Twitter, Facebook, unified communications, mobility, and the complex array of collaboration apps and services that exist, e-mail has become, well, old school.  Moreover, the simple fact remains that a large percentage of the most common forms of SPAM are filtered out by layers of well-established, proven technologies.  In short, from a SPAMer’s perspective, they’re getting less bang for the buck.  Therefore, it should be no surprise that as the use of the Internet shifts for businesses and individuals, so will the threat.  And SPAMers, too, will look to leverage new communication methods to fill your inbox, Facebook wall or Twitter account.

Of course, there is a more sinister element at play – specifically, highly targeted SPAM – or phishing, spear phishing, etc.  These are unwanted communications that look and “feel” real, but are just noise at best, contain malware at worst, or most dreadfully, fool people into exposing private information.  The drop in detected SPAM may simply be that these more well-formed communications in e-mail, Twitter, and others are getting past the net undetected.

Now that established organizations are using these technologies and apps to interact with their clientele in new ways, people expect to see a tweet, SMS or wall post from a company they have a relationship with – and the threats know this.  When one extrapolates and projects out the potential of this reality, it is well within reason to see an increased level of fraud, identity theft, and malware proliferation because this is a greenfield opportunity for threats.

Although all this is complete speculation, it’s reasonable to assume that SPAM is migrating to other evolving forms of Internet-based collaboration technologies and, by doing so, broadening its spectrum of opportunity to manipulate systems and people, potentially more effectively.  Although anti-SPAM technologies exist, many are still directed at traditional e-mail and not necessarily social networking interactions that are accessible from virtually any platform, any time, from anywhere.

Just because we saw less SPAM when we should have seen a spike doesn’t necessarily mean the SPAMers took a holiday.  In fact, the decline in SPAM should be seen as evidence of a new focus – one more targeted, impactful, and one taking a path of least resistance.

Given the entanglement of technology, mobility and anything-all-the-time-app-for-that-culture, e-mail is yesterday’s technology – the threats know this and are moving to capture this new market – you.

Thursday, December 23, 2010

Security tips for Christmas countdown

By Tara Savage, Senior Marketing Manager, BT Global Services

The holidays, for most of us, are about giving and receiving, but, unfortunately, for some it may also be a time for theft or fraud.  In addition to keeping your pocketbook and packages safely guarded, remember to keep your computer and data protected as well.

When you’re sitting at home, logged onto your computer and shopping for presents online, emailing friends or sending video greetings to family, bear in mind that determined criminals may be sitting at home with their computers, too, trying to break into your computer to get your passwords and personal information using viruses and software.

The number of online transactions obviously increases during the holiday season, and cyber-crooks are aware of this increase in online trade.  With a bit of common sense and knowledge, you can avoid problems with e-commerce and keep your personal data secure.  Here are a few tips:

At home:

  • Protect your computer against unwanted seasonal visitors.
    Install anti-virus, anti-spyware software and a firewall or a security suite that includes all three.  This is like keeping your doors and windows locked at home.
  • Don’t let spam spoil your holiday.
    Keep your computer secure: block spam emails and use an up-to-date web browser to make it more difficult for hackers to get into your PC in the first place.
  • Stop online snoopers from “lifting” your personal details.
    Protect your mobile devices against eavesdroppers and freeloaders by using encryption on your wireless network.  Implement an additional layer of security such as a VPN (Virtual Private Network) or other secure methods, such as remote access software which allows you to access a computer remotely but over a secure channel.
  • Know whom you’re buying from when shopping online.  Pick reputable merchants, especially when buying from private individuals.  Also use an appropriate, safe means of online payment to get some protection against non-delivery.
  • Take care when sharing your credit card details to buy those special gifts.
    Never enter a card number unless you can see a padlock in the web browser window’s frame (rather than in the web page itself) and the website address begins https://. You may not see this until you actually get to the page where you enter your credit card number.
  • Enjoy safer online shopping – protect your personal details.  Use strong passwords and keep your credit card details safe by using additional credit card security.  Set up your credit and debit cards with “Verified by Visa” or “MasterCard SecureCode” when you receive them.  This provides an additional level of security if your card or details are lost or stolen.

At work:

  • And don’t forget to protect your work computer from hackers, too.  Remember, if you get any of those funny emails from unknown sources that ask you to download festive files or open advent email attachments, delete the email.
  • Treat your company and customer data as you would your own data and protect it like you would your own.  If you’re working on a computer, ensure that its information cannot be accessed – keep your password secret and lock your computer screen when you leave your desk for a short period.  If a person calls you asking for information, make sure you are talking to the person who really is the customer, or a legitimate representative.

With a bit of heightened awareness, your holidays – both at home and at work – should be safe and enjoyable.

Monday, April 19, 2010

Security Threats Don’t Die, They Just Lose ‘Teh Sexay’

By Toby Weir-Jones, Vice President, Product Development, Managed Security Solutions Group, BT Global Services

Last week, we found out that, despite all the progress on both technical and legal fronts, the volume of spam during the first quarter of 2010 increased six percent over last year, according to Google’s Postini group.   

Google offered up some insight but its bottom line was “keep moving things to the cloud so we can take care of them for you.”  Cloud-based or not, an enterprise mail administrator is still going to deal with virus attachments, image payloads and dangerous embedded links coming into their own server infrastructure.  And some users still open/click/download, bless their hearts.  

So what makes a security threat go away?  Clearly, not 100-percent user awareness or 100-percent effective technologies.  Yet management is inclined to think that, if it’s not on the front page of the paper anymore, it must be taken care of.  Positive ROI achieved.  On to new things!

IT Security Managers know the truth is far less convenient.  They’re still dealing with legacy Windows NT boxes, modems, and an inability to keep flash drives out of USB ports.  They set up access control lists and proxy servers, and then have to bypass them because “Somebody Who Matters” can’t get to the scheduler for tee times.  Yet if they go looking for fresh budget on an “old” problem, their entreaties about evolving attack sophistication and more complex use cases get swept aside.

People who control the budgets but aren’t in the trenches need to understand that it’s very difficult to retire a class of threat, especially when the attackers have monetary incentive to keep trying.  Spam works because users keep clicking on the links – even when the mail is in their Spam folder – and the bad guys know this, too. 

A coordinated IT Security Plan needs to ensure that defenses against established threats remain relevant and funded, while emphasizing the advantages of integrated tools to keep the hardware and support footprints under control.  If you’re buying assessments against your perimeter or internal security, don’t strike off the war dialing just to save a few dollars, because a lot of machines still have modems plugged into POTS.  If you have a legacy app which “absolutely needs” some archaic device and all the bizarre workarounds to keep it alive in a current network, spend the money to upgrade the application or build a new solution. 

In the end, it’s like your crazy relative who keeps their ancient vacuum cleaner because “it works fine.”  They don’t want to consider how limiting their choice is and place no value on the extra time and effort they invest personally.  Businesses cannot afford such complacency (or, worse, fear) and IT Security Managers need to be able to communicate the risks clearly and in financial terms.