Risky Employee Behavior on Web Threatens NetworksBy Brian Prince | Posted 2007-01-17 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Today's malware is stealthier, more complex and the doorway to critical data is often opened unwittingly by employees.
Research by FaceTime Communications has found risky Internet activity by employees poses an increasing threat to network security for corporate enterprises.
While the number of unique malware instances was down last year when compared with the 2000 identified in 2005, FaceTime researchers warn today's malware is stealthier, more complex and harder to identify and defend against. According to an analysis of threats tracked or identified by FaceTime Security Labs, 1,224 unique threats on "greynet" applications— programs that network users download and install on their computers, usually without the knowledge of their IT department—were reported in the past year, with attacks over peer-to-peer networks increasing by 140 percent over 2005 levels and multichannel attacks jumping to 29 percent of all attacks in 2006 from 18 percent the prior year.
"The numbers alone don't tell the story," said Chris Boyd, director of malware research at FaceTime Security Labs, in a statement. "The sources of the most insidious threats we identified in 2006 are not the glory-hungry hackers of yesterday. These are cyber-criminals and click-fraud experts who are well-funded, extremely savvy, and their M.O. is to stay in the background and collect as much information as they can before moving on to the next target."
But the doorway to critical data is sometimes opened unwittingly by employees as they introduce greynet applications onto the corporate network without the sanction of their IT department, FaceTime officials said. According to the company's Second Annual Greynets Survey, 39 percent of users believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy, while 53 percent of users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
Meanwhile, the study found 80 percent of IT managers are at locations that have experienced greynet-related attacks within the last six months.
"Despite myriad security technologies employed by enterprise IT managers to block malicious attacks, the user is often the biggest vulnerability, especially on the real-time, socially-networked Web" said Frank Cabri, vice president of marketing for FaceTime, in a statement. "In 2007, the biggest security risk for organizations is likely to be their own users, as employees install consumer-oriented greynet applications onto their workplace computer faster than the IT team can keep up with the corresponding controls."
The motive of the purveyors of malware is largely financial, with the major malware discoveries of 2006 all pointing toward botnets designed to gather personal or banking data for malicious means, FaceTime officials said.
Researchers also outlined some of the top security threats of 2006, including an incident in March when the "Carder" botnets—collectively representing up to 150,000 compromised computers—used a custom-built Perl script to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts and other personal information. The operators could potentially launch these scans from any computer on the botnet to mask their actual location, FaceTime officials said.
"It is more important to understand that, although major network disruptions don't seem to result from malware attacks propagated via IM, the sophistication, complexity and stealthy behavior of these threats make them far more dangerous, " Boyd said.