Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

MessageLabs Reports Targeted and Malicious Email Attacks Against Businesses On The Rise

  • 21 June, 2005 09:41

<p>MessageLabs, the leading provider of email security and management services to businesses, today announced that the number and sophistication of targeted email-borne attacks on businesses is rapidly increasing, with the potential to defraud businesses, steal intellectual property and extort money.</p>
<p>According to trend analysis of MessageLabs Intelligence data, there has been a gradual occurrence of targeted email attacks against businesses and organisations over the last year but, more recently, one to two incidences are intercepted each week. These attacks are most often directed at government departments, military organisations and large corporations, particularly within the aerospace, petroleum, legal and human rights industries.</p>
<p>The motivation behind today’s new email-borne threats is far more sinister than traditional methods of large-scale attacks. No longer is the threat simply one of being caught up in collateral virus damage targeting the online world at large, or to hijack machines to send spam, but new criminal methods show a preference for selecting a particular target, whether an individual or an organisation. Often such attacks are financially, competitively, politically or socially motivated.</p>
<p>“The risks associated with such attacks are not only technically led (data loss, infrastructure downtime), but potentially libelous, impacting brand reputation, as well as employee, client and partner relations,” said Mark Sunner, chief technology officer of MessageLabs. “Consequences are potentially damaging and costly, with major effects on revenues, share price and bottom line – and above all loss of intellectual property and trade secrets.”</p>
<p>As computer users and online businesses become more aware of, and protect themselves against, the risks associated with the Internet and email threats, the perpetrators of these attacks are constantly developing new techniques to increase their chances of success.</p>
<p>Recently in the UK, police arrested two computer consultants alleged to be part of a massive industrial espionage scandal uncovered in Israel in which Trojan software was used by leading companies to allegedly steal confidential information from competitors and monitor their activity. Well known businesses were accused of using the malware to send to competitors’ computers via an email attachment, purporting to be a normal business proposal to trick users into downloading spyware.</p>
<p>MessageLabs has also seen a rise in spear phishing globally this year, designed to trick unsuspecting ‘colleagues’ into revealing information that will give the perpetrator access into secure areas of corporate networks. Emails appear as though they were sent by another member of staff within the same organisation, typically from the IT or HR departments. The phisher tries to persuade employees into revealing some private information by offering small rewards. Moreover, there are still many businesses that also provide a rich harvest of personal email addresses on their website, which may then be easily spoofed.</p>
<p>These are just a couple of examples of recent targeted attacks, but demonstrate the damage that could be done to victim organisations.</p>
<p>“It’s natural for organisations to distance themselves from such attacks – “it won’t happen to me!” - but attacks such as these have already happened to several major organisations worldwide,” said Mr Sunner. “That is why every business organisation needs to take these threats seriously. We work with email everyday; our businesses depend on it. It has the same permanence and legitimacy as a written document and its all pervasive nature is what makes unsecured email such a significant threat to businesses.”</p>
<p>The rise of customised attacks target individual weaknesses in companies’ security defenses and demand that a more holistic approach to email security management is adopted. Organisations need to create and enforce stringent, formalised email security policies, alongside proactive technology measures including Internet level scanning of emails before they reach the network boundary, to protect against known and unknown threats.</p>
<p>Traditional anti-virus solutions that are signature-based provide a reactive approach and require signature updates to be effective, providing little defense from these kinds of targeted attacks. The window of vulnerability created – the time between an outbreak and a cure – is simply too wide for a company to risk. Traditional anti-virus software can only offer protection after a major outbreak has occurred, and these carefully targeted Trojans never attract that kind of attention. Studies by MessageLabs have shown that the typical time for signatures to appear for targeted Trojans is between one and three months. Companies need to realise that they cannot rely solely on traditional reactive methods.</p>
<p>MessageLabs’ range of email security and management services including Anti-Spam, Anti-Virus, Content and Image Control, and Boundary Encryption, provides organisations with a comprehensive range of managed email security at the Internet level, without the hassle, inconvenience or additional cost of traditional software or hardware solutions. These services ensure the integrity of electronic communications, helping businesses to manage and reduce risk while securing their critical infrastructure and business information from the increase in targeted email-borne attacks.</p>
<p>About MessageLabs</p>
<p>MessageLabs is the world's leading provider of email security and management services with more than 12,000 clients and offices in eight countries. For more information, please visit</p>

Most Popular