Tuesday, 20 December 2005
MessageLabs Annual Security Report 2005
NEW YORK – December 20, 2005 – MessageLabs, the leading provider of messaging security and management services to businesses, today predicted continued growth in targeted email attacks against businesses in 2006. Increasing sophistication in phishing attacks that steal other personal information, and threats that exploit Web, Instant Messaging (IM) and mobile devices, will be other key security trends for 2006.
In its 2005 Annual Security Report, MessageLabs Intelligence revealed that the convergence of threats presented by email, IM and the Web will lead to a greater risk for enterprises over the course of 2006, despite 2005 being one of the most disruptive years on record. The report also highlights that the virus and spam community will increasingly target IM, as this channel presents a widening ‘backdoor’ to the enterprise. As IM adoption increases and platforms standardize, IM will be a more attractive target for spammers and an increased number of spam and trojan attacks will be distributed in this way. Mobile devices will also become a target for malware as a means to gain covert access to enterprises by exploiting user ignorance and low levels of mobile security.
“2005 will be remembered as the year when messaging security risks shifted from mass random attacks to more highly designed, targeted threats,” said Mark Sunner, chief technology officer, MessageLabs. “It was the year we saw threats move from service disruption to data, intellectual property and identity theft.”
“In the run up to the holiday season, we have seen an increase in trojan and botnet activity, which has resulted in a wave of holiday phishing and spam,” Sunner continues. “This is evidence of a concerted effort by the scammers to steal personal and business data,” he adds.
Threats in 2005
The MessageLabs Intelligence Report summarizes threat activity in 2005 and how it has affected the security market. The top global threats included:
Spam - The overall spam trend for the first half of 2005 was a leveling off in line with 2004 yearly figures, with an annual average of 68.6 percent, or 1 in 1.46 emails, identified as spam. However, in the closing months of 2005, the rate of spam email increased to match the peak seen in January. The most frequently targeted industry sectors were telecommunications and healthcare, where almost 80 percent of email traffic was spam. Research found an increase in stealth and ‘hit and run’ behavior: 28.9 percent of spam domains are used for less than 24 hours, and 9.9 percent are used for less than 3 hours.
New targets - Targeted attacks from cyber-criminals intent on industrial espionage have emerged as a new style of threat to organizations. MessageLabs intercepted around 2-3 highly targeted attacks per week during 2005. The report also indicated an escalation in the level of attacks aimed at certain business sectors over the course of 2005; common targets were administration, leisure and tourism, and manufacturing, where 13 percent of all emails were found to be harmful. The 2005 annual average for malware attacks in email was 2.8 percent, or 1 in every 36.15 emails containing a virus or trojan.
Phishing – This continued to be a major threat during 2005. MessageLabs intercepted more than 62.5 million phishing emails during the course of the year, resulting in an annual average of 0.3 percent, or 1 in every 304 emails, identified as a phishing attempt. However, 2005 saw different patterns emerging since the peak phishing season in January: although overall volumes were greater in May, the ratio in mail for January was 1 in 126.5 emails, or 0.79 percent. Phishing accounted for 27 percent of malicious email traffic intercepted in January 2005; the annual average was 13.1 percent.
Botnets – Cyber-criminals seemingly now prefer to have greater numbers of smaller and more discreet networks of hijacked computers under their control, and in 2005 the average size of a botnet reduced. Botnets are hired out for use by spammers, adware and spyware merchants and other criminal gangs for fraudulent or criminal purposes. The number of trojan-borne emails increased significantly in 2005 as cyber-criminals adapted from sending mass-mailing viruses to sending more targeted trojans using botnets.
Predictions:
Phishing – MessageLabs intercepted over 62.5m phishing emails in 2005; in the same period in 2004 the company stopped 18m, representing an increase of 238 per cent in volume.
Instant Messaging - Spammers will diversify further into the IM ecosystems as business adoption of IM increases and as the "big three" IM protocols begin to standardize in 2006 and onwards. Cyber-criminals will seek to capitalize on this opportunity as IM presents an increasingly attractive criminal gateway into the enterprise.
Domain hopping - This will become more popular with spammers, as it not only makes the spammers harder to track but also makes it more difficult for spam filters using domain reputation systems to identify such spam without becoming too aggressive.
Mobile security - Criminals will continue to attempt to gain access to users' mobile devices as the proliferation of wireless technologies like Wi-Fi spreads to airplanes, trains and other public locations. They will seek to exploit user ignorance and low levels of mobile device security countermeasures to gain covert access to enterprises.
“In 2006, businesses will adopt policies and services that scale to meet both existing and new threats – however, they will need to plug the gaps presented by new technologies such as IM,” said Mark Sunner, chief technology officer, MessageLabs. “The risks associated with messaging threats such as IM attacks are not limited to data loss, infrastructure downtime and other technical disruptions, but can also impact brand reputation, regulatory compliance, as well as employee, client and partner relations,” he adds.
The full MessageLabs Intelligence Report is available at
MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world.
MessageLabs provides a range of ‘in the cloud’ services for email, web and instant messaging to protect organizations from threats like viruses and spam, ensure policy enforcement and provide complete confidentiality through encryption. This managed service approach allows organizations to manage their messaging without the hassle, inconvenience or additional cost of traditional software or hardware solutions. These services ensure the integrity of electronic communications, helping businesses to manage and reduce risk while securing their critical infrastructure and business information.