New Converged Threats Increase Risks for Subscribers, Warns Cloudmark
Operators Urged to Review Security Strategies to Counter Sophisticated Messaging Attacks that Target Fixed, Mobile and Social Networks
San Francisco – August 12, 2008 – Cloudmark, Inc., the global leader in carrier-grade messaging security, today warned of increased risk for converged operators from the online attacker community and urged service providers to review their security strategies to counteract the growing prevalence of attacks across multiple mediums.
Cloudmark has observed online attackers using new, advanced threat techniques that combine attributes of spam, phishing and malware into a single attack, which is then distributed across a variety of mediums. These "converged threats" look for coverage gaps in traditional security solutions that are designed for a specific type of attack, such as a spam or virus outbreak over a specific medium like e-mail. However, because these new, "mash-up" type of attacks blend elements of spam, phishing and/or viruses into a single attack that is unleashed simultaneously across e-mail, mobile, Web and social networks, they evade traditional security solutions.
In order to combat today's threats, Cloudmark is strongly advising service providers to look for security platforms that are threat-agnostic and able to automatically identify and stop attacks across multiple mediums. "
As part of Cloudmark's continuous analysis of global threats, the company has identified several examples of converged attacks:
- "Smishing"—A recent trend in mobile phishing attacks that usually involve the use of VoIP phone number accounts obtained through e-mail phishing attacks as the call to action.
- Modern e-mail viruses—The majority of recent e-mail virus threats no longer distribute viruses as an attachment, but rather host the virus on a Website and distribute e-mails that link to that Website.
- "Crush" attack—A recent attack distributed through SMS messaging, e-mail and social network communication that entice users to login to a Webpage and unknowingly opt in for a premium rate SMS service (see visual examples).
Example of "Crush" spam on e-mail
Example of "Crush" spam on social networking
Example of "Crush" spam on mobile
"Convergence is everywhere, including in the online attacker community," said Jamie de Guerre, chief technology officer at Cloudmark. "To combat today's threats, the only truly effective security solution is one that can stop all forms of abuse—from spam, phishing and viruses to advanced 'converged' attacks, across all mediums—from e-mail and mobile messaging to social networking sites. Only by sealing all potential gaps can service providers deploy new converged services with confidence that both the platforms and their subscribers are protected against today's known abuses and tomorrow's advanced threats."
Note to Editors
Pictorial examples of crush spam across mediums are available by contacting cloudmark@schwartz-pr.com.
About Cloudmark
Cloudmark protects 2 billion global subscribers daily from an explosion in messaging abuses across more operator networks than anyone else. Only Cloudmark defends the world’s largest Mobile, Fixed and Social Media Providers, including AT&T, Comcast, MySpace, NTT, Swisscom and Time Warner Cable, with scalable and accurate protection against the widest range of existing and emerging messaging threats.