New Converged Threats Increase Risks for Subscribers, Warns Cloudmark
Operators Urged to Review Security Strategies to Counter Sophisticated Messaging Attacks that Target Fixed, Mobile and Social Networks
San Francisco – August 12, 2008 – Cloudmark, Inc., the global leader in carrier-grade messaging security, today warned of increased risk for converged operators from the online attacker community and urged service providers to review their security strategies to counteract the growing prevalence of attacks across multiple mediums.
Cloudmark has observed online attackers using new, advanced threat techniques that combine attributes of spam, phishing and malware into a single attack, which is then distributed across a variety of mediums. These "converged threats" look for coverage gaps in traditional security solutions that are designed for a specific type of attack, such as a spam or virus outbreak over a specific medium like e-mail. However, because these new, "mash-up" type of attacks blend elements of spam, phishing and/or viruses into a single attack that is unleashed simultaneously across e-mail, mobile, Web and social networks, they evade traditional security solutions.
In order to combat today's threats, Cloudmark is strongly advising service providers to look for security platforms that are threat-agnostic and able to automatically identify and stop attacks across multiple mediums. "
As part of Cloudmark's continuous analysis of global threats, the company has identified several examples of converged attacks:
- "Smishing"—A recent trend in mobile phishing attacks that usually involve the use of VoIP phone number accounts obtained through e-mail phishing attacks as the call to action.
- Modern e-mail viruses—The majority of recent e-mail virus threats no longer distribute viruses as an attachment, but rather host the virus on a Website and distribute e-mails that link to that Website.
- "Crush" attack—A recent attack distributed through SMS messaging, e-mail and social network communication that entice users to login to a Webpage and unknowingly opt in for a premium rate SMS service (see visual examples).
Example of "Crush" spam on e-mail
Example of "Crush" spam on social networking
Example of "Crush" spam on mobile
"Convergence is everywhere, including in the online attacker community," said Jamie de Guerre, chief technology officer at Cloudmark. "To combat today's threats, the only truly effective security solution is one that can stop all forms of abuse—from spam, phishing and viruses to advanced 'converged' attacks, across all mediums—from e-mail and mobile messaging to social networking sites. Only by sealing all potential gaps can service providers deploy new converged services with confidence that both the platforms and their subscribers are protected against today's known abuses and tomorrow's advanced threats."
Note to Editors
Pictorial examples of crush spam across mediums are available by contacting cloudmark@schwartz-pr.com.
About Cloudmark
Cloudmark builds messaging security software that protects communications service provider networks and their subscribers against the widest range of messaging threats. Only Cloudmark Security Platform™ delivers instant security and control across diverse messaging environments, enabling communications service providers to create a safe user experience, protect revenue and safeguard their brand, while streamlining infrastructure and reducing operational costs. Cloudmark's patented solutions protect more than 120 tier-one customers worldwide, including AT&T, Verizon, Swisscom, Comcast, Cox and NTT.