First came dreaded digital virus outbreaks that brought networks to their knees for the sheer, twisted thrill of it. Then "spam" emerged, commandeering email for slightly nobler capitalistic purposes, like blast mailing offers for everything from mortgages to diet pills and mail order... well, you get the idea.
Subsequently, marketing and maliciousness have merged, giving rise to "phishing." This latest permutation elevates junk mail to the realm of the illegal. Phishers pose as our email and ecommerce providers, our banks and credit card companies, and other trusted vendors, prompting us to enter guarded personal information for falsified purposes, like keeping our account info current. Perhaps surprisingly, even seasoned email users still open the occasional attachment from a total stranger and fall victim to these newer, more convincing phishing frauds.
Collectively, phishing, spam, and ever more deadly viruses have users looking to IT departments for solutions, and IT departments looking to service providers, and service providers looking – here's the twist – back to users. Annoying, costly, and criminal to all concerned, messaging abuse is driving service providers and subscribers to collaboration like never before. A revolutionary concept, and one in which a few details remain to be hammered out.
This article overviews the overt and hidden costs incurred through messaging abuse, baseline principles for defending against it, and the newest threats on the horizon. Without becoming victims, end users can, by adopting aggressive strategies for battling malevolent messages, ultimately restore the sanctity of email. They can also deliver substantial savings – in dollars, days, disputes and, for service providers, subscriber desertion.
Whose Problem Is It Anyway?
Any email power user can attest to having lost time separating the wheat from the chaff (i.e., sifting through unsolicited newsletters, product promos, and chain letters to identify legitimate communication). Now, however, the sheer volume of actual spam, along with the emergence of phishing with potentially devastating legal and financial consequences, has propelled messaging security to the top of many companies' priority lists and to their service provider wish lists.
Service providers are doubly motivated. Besides customer satisfaction, the inspiration for many infrastructure investments, messaging abuse is appealing to providers' other perennial concern: cutting costs. In a way, the two are closely tied, since a customer support call to help a subscriber retrieve an email that should not have been detained could cost providers a staggering $10-15.
But support aside, providers are grappling with the exorbitant costs of maintaining most anti-spam systems, including CPU costs, additional servers to move messages at IM-like speed, and wasted storage space consumed by detained spam. The latter alone can drain a Tier 1 or 2 provider's budget by $1M or more each year: At a time when 85-95% of all messaging is spam, inefficient filtering is allowing about 50% of junk to get through and fill message stores, wasting 15-30% of storage space.
What's more, the intensive processing requirements of legacy filtering systems are, in turn, requiring ever greater investment in those systems. Unnecessary weight on mail transport units, inbound and outbound, further increases customer frustration with delayed mail, or increases expenditures as service providers seek to alleviate that frustration with even more spend on equipment. An untold and unnecessary investment in waste ensues.
The combined reality of losing customers and losing money has providers moving quickly. Many are introducing separate anti-spam and anti-phishing solutions alongside existing anti-virus solutions that address these newer threats, but do so inadequately. Many are paying closer attention to users reporting email abuse, or becoming part of global detection communities, such as Cloudmark's Collaborative Security Network. Working more closely with customers conveys a spirit of teamwork that bolsters loyalty and, on the more practical side, leads to infinitely more rapid and accurate detection of new threats. The alternative – teams of analysts scrutinizing messages for clues, writing and testing new rules, and creating ever-growing repositories of lists and definitions that must be checked against every message – delays the process and, with the gathering speed at which threats morph, misses them altogether.
Emerging Threats: Fortifying the Front Lines
Time is, quite literally, money. Depending on the type of threat, every hour that passes can translate into exponentially more people receiving an unchecked bad message. In the case of viruses, rapid detection can mean the difference between thousands of networks worldwide being down for a day and never receiving the virus at all.
Time lapses also make a huge difference in catching the "bad guys." Phishing, which contains an inherently criminal element, generally involves collecting information via temporary URLs or IP addresses that remain in effect only long enough to collect information, but are destroyed quickly enough to avoid traceability. Reporting these scams early on increases the odds of pinpointing their origins before sites are destroyed and of protecting thousands of subscribers from personal loss.
During the past 18 months, collaboration has evolved messaging security beyond playing "catch up" with virus, spam, and phishing attacks into focused front lines of defense that disarm and dissect emerging threats in real time. The key to successful collaboration is twofold.
First, the credibility of those flagging and forwarding emails for review and processing must be maintained and ensured. Second, once a message arouses suspicion, the process of evaluating and stopping it in its tracks must be intuitive, automated and, most importantly, fast. The power users that make up Cloudmark's highest rated (top 10%) reporters can spot a bad message more quickly than any machine, click "report," and instantly shoot it back through the feedback system, where it is compared and confirmed by reports from other highly trusted (and continuously rated) users, then "fingerprinted" via a unique algorithmic process. These fingerprints are then proliferated out to the entire global system minute by minute to prevent bad messages and their morphed brethren from ever reaching other members of the collaborative network... around the globe, in any language, within moments of initial identification. Rapid, effective processing of messages identified by proven reporters can squelch attacks in minutes versus hours, days, or even weeks.
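The report-confirm-fingerprint loop described above can be sketched as follows. This is an added example, not Cloudmark's algorithm or code from the article: the normalizing hash, the thresholds, the trust increment and the reporter names are all assumptions chosen to show why reporter credibility and morph-tolerant fingerprints matter.

```python
import hashlib
import re
from collections import defaultdict

BLOCK_THRESHOLD = 1.5  # assumed: summed reporter trust needed to confirm
MIN_REPORTERS = 2      # assumed: distinct reporters needed to confirm


def fingerprint(body):
    """Hash a normalized body so trivially morphed copies collide."""
    text = re.sub(r"https?://\S+", "URL", body.lower())  # per-recipient links
    text = re.sub(r"\d+", "N", text)                     # rotating ids
    text = re.sub(r"[^a-zA-Z]+", " ", text)              # punctuation, spacing
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()


class ReportNetwork:
    def __init__(self, trust):
        self.trust = dict(trust)          # reporter -> score in [0, 1]
        self.reports = defaultdict(set)   # fingerprint -> distinct reporters
        self.blocked = set()              # confirmed fingerprints

    def report(self, reporter, body):
        fp = fingerprint(body)
        self.reports[fp].add(reporter)    # repeat reports count once
        voters = self.reports[fp]
        weight = sum(self.trust.get(r, 0.0) for r in voters)
        if (fp not in self.blocked and len(voters) >= MIN_REPORTERS
                and weight >= BLOCK_THRESHOLD):
            self.blocked.add(fp)
            for r in voters:              # confirmed reporters gain trust
                self.trust[r] = min(1.0, self.trust.get(r, 0.0) + 0.05)
        return fp in self.blocked

    def is_blocked(self, body):
        return fingerprint(body) in self.blocked


def demo():
    # Constructed sample data; addresses are from documentation ranges.
    net = ReportNetwork({"alice": 0.9, "bob": 0.8, "mallory": 0.1})
    phish_a = "Dear customer 48213, verify at http://198.51.100.7/l?id=48213 now!"
    phish_b = "Dear customer 77102,  verify at http://203.0.113.9/l?id=77102 now!"
    legit = "Team lunch is moved to 12:30 on Friday."
    for _ in range(5):                    # one low-trust reporter, many reports
        net.report("mallory", legit)
    net.report("alice", phish_a)
    confirmed = net.report("bob", phish_b)  # second trusted report of a variant
    return confirmed, net.is_blocked(phish_a), net.is_blocked(legit)
```

Two trusted reporters who each saw a different variant confirm one fingerprint, while repeated reports from a single low-trust account never reach the threshold, so a legitimate message cannot be blocked by one noisy reporter.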
Staying in Front of the Curve
Striking the optimal balance between human intervention and technological automation is an ongoing process that will continue to morph and sometimes, if users and providers are fortunate, will remain a step ahead of new messaging threats. For the foreseeable future, key challenges remain.
VoIP-based threats: The use of VoIP has historically progressed from the inside out, saving money on the public backbone or infrastructure, then in corporate VPNs, and, finally, desktop phones and other messaging devices. The same is occurring with phishing, as those launching attacks are impersonating financial institutions asking people to dial into VoIP-based PBX and IVR systems that prompt them for personal info. IP reduces overhead costs and makes it easier to generate and delete fraudulent phone numbers.
Early detection is key, as is a system flexible enough that it does not have to detain every message containing a phone number. Awareness also goes a long way; providers and subscribers should share tips such as verifying the phone numbers in suspect emails against those printed on ATM cards and bank statements.
Mobile messaging security: Users of cell phones and other wireless platforms find the idea of receiving spam on their mobile devices particularly distasteful. First, it's a new violation of our privacy that we're not desensitized to yet. Worse, many users pay per message rates rather than subscribing to unlimited email plans. Mobile spam and phishing attacks are destined to spike in number and related costs. The provider that offers the same "spot-report-block" capability for mobile threats with additional methods for users to report spam from their mobiles will keep subscribers from straying in large numbers.
Moving the needle: A key issue from core to customer is the lack of metrics available to both users and service provider execs. Providers may be doing a great job blocking spam and phishing, but receive no credit for it because they lack the means to track and inform users of how many threats have been thwarted. On the flip side, service provider executives have insufficient means of assessing the costs of downtime, customer service, processing power, and, perhaps worst of all, restoring "false positives," or the emails that shouldn't be held up.
A service provider-branded graphical user interface enables subscribers to easily view the number of "bad" messages stopped by the global threat network, the service provider's network specifically, and even by the user. Cloudmark research and support teams have noted a fascinating sociological phenomenon, whereby subscribers are anxious to participate in "stopping the bad guys"... a function of the "zap 'em" mentality of now three generations of digital gamers?
Perhaps for the first time, the experience of collaborating, communicating, and congratulating one another will profoundly change the way providers and customers interact. Long term, a growing sense of team spirit may prove to be an invaluable silver lining behind the cloud of messaging abuse for ISPs, wireless, cable, and telephony providers. Short term, however, it will be an area of change, investment, and learning.
Thankfully, providers seem to be uniquely proactive. It would be great if the concerted effort being waged by service providers and subscribers made spam, phishing, and viruses so unprofitable that they all but disappear. That, however, is unlikely, since, as technology progresses to benefit legitimate business, so, too, will it benefit phishers. The key is investment in systems that spot and stop messaging threats as quickly as possible.
Jamie de Guerre is Technical Director, Program Management at Cloudmark and a recognized expert in messaging security technologies. For more information please visit the company online at www.cloudmark.com.