Protect Your Business from Instant Messaging Threats The most prevalent threats to IM include: Worms and Trojan horses: Similar to threats sent by email, worms and Trojan horses via IM can compromise the integrity of your IT systems. Too many IT departments focus on solely on email threats because they are not aware of the number of people using IM in their businesses. This is because individual users can load IM programs directly onto local computers, and IM traffic is often undetectable at the network level. According to the IMlogic Threat Center, “90 % of IM-related security attacks [in 2005] included worm propagation; 9% delivered viruses; 1% of reported incidents exploited known client vulnerabilities or exploits.” Via an IM program, it is possible for a Trojan horse to configure the client to give access to all files on a computer via peer-to-peer file sharing. Ultimately this opens up the entire computer system to attackers. Password stealing and impersonation: Hackers can use Trojan horses to gain access to an IM password if it is stored on the computer. Using this method, hackers can have access to the user’s screen name and the user’s entire list of IM contacts. Impersonation is not only harmful to the victim whose password has been stolen, but to anyone who interacts with the hacker and divulges personal information, or executes any files sent by the hacker under the guise of the user. Theft of log files: Similar to other forms of information theft, IM log files, which may be stored on a user’s computer, are vulnerable to hackers. In many cases, these files may contain sensitive or private data from a past IM conversation the user has long since forgotten about. This information is readily available via IM logs, however, and can be devastating to businesses if exposed, causing tainted reputations, legal problems, and in some cases, loss of the business. Denial-of-service (DoS) attacks: A denial-of-service attack via IM happens when a hacker sends a flood of messages for the purpose of overloading the resources of a computer or network. By the time the victim tries to add the hacker’s screen name to the list of parties that the IM program should ignore, the computer may freeze or crash. Though DoS attacks tend to be more of a hassle and less of a threat than other types of hacks, they can be harmful when hackers combine DoS attacks with other security breaches such as shutting out users from their accounts to hijack systems. Privacy intrusion: Outside parties can capture information to use in malicious ways, and employees may not be aware of the ramifications of their IM conversations. Your business could be legally or financially at risk if your employees send confidential information that is subsequently gathered by outside parties. Many IM programs do not offer encryption, making it easy for a third-party to eavesdrop on IM conversations using different types of programs such as packet sniffers. You can deal with this risk by enforcing an IM policy that restricts the type of information that can be exchanged via IM and setting up a system to encrypt IM conversations. ·SPIM: Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names. To reduce spim, advise employees against listing screen names on any public directories or websites, and also to configure their IM clients to accept messages only from an approved list of contacts. Recommendations Conclusion from Symantec |
Officer Randy Chuck was struggling to get his reports done within the day. People were…
The Criminal Lair The dark, dimly lit room was filled with the humming sound of…
In today's digitally interconnected world, Virtual Private Network (VPN) connectivity has become a fundamental component…
In today's digital age, businesses rely heavily on cloud-based solutions to streamline operations, enhance collaboration,…
Cyber security tools are unsung heroes that protect our data and privacy from evolving threats…
With the evolution of cyber threats, up-to-date antivirus solutions are synonymous with protecting personal and…