Instant messaging (IM) programs facilitate real-time, text-based communication between two or more users who are using the same messaging program. Though IM first gained popularity as a social interaction tool, it has made its way into the business environment as well. According to a recent IMlogic Threat Center report, there are now 393 million global users of instant messaging. Because IM was initially developed for social chats, security was not a priority. Now that IM use is increasing in business, however, attackers are finding that most IM systems are virtually unprotected, so threats to IM are quickly increasing. In fact, a recent report by Gartner predicts that IT administrators who make no effort to protect public IM programs will experience 80% more IM-related security incidents than those that do. The IMlogic report also noted that IM threats grew by 1,693% in 2005.
The most prevalent threats to IM include:
- Worms and Trojan horses: Similar to threats sent by email, worms and Trojan horses sent via IM can compromise the integrity of your IT systems. Too many IT departments focus solely on email threats because they are not aware of the number of people using IM in their businesses. This is because individual users can load IM programs directly onto local computers, and IM traffic is often undetectable at the network level. According to the IMlogic Threat Center, “90% of IM-related security attacks [in 2005] included worm propagation; 9% delivered viruses; 1% of reported incidents exploited known client vulnerabilities or exploits.” Via an IM program, it is possible for a Trojan horse to configure the client to give access to all files on a computer via peer-to-peer file sharing. Ultimately this opens up the entire computer system to attackers.
- Password stealing and impersonation: Hackers can use Trojan horses to gain access to an IM password if it is stored on the computer. Using this method, hackers can have access to the user’s screen name and the user’s entire list of IM contacts. Impersonation is not only harmful to the victim whose password has been stolen, but to anyone who interacts with the hacker and divulges personal information, or executes any files sent by the hacker under the guise of the user.
- Theft of log files: Similar to other forms of information theft, IM log files, which may be stored on a user’s computer, are vulnerable to hackers. In many cases, these files may contain sensitive or private data from a past IM conversation the user has long since forgotten about. This information is readily available via IM logs, however, and can be devastating to businesses if exposed, causing tainted reputations, legal problems, and in some cases, loss of the business.
- Denial-of-service (DoS) attacks: A denial-of-service attack via IM happens when a hacker sends a flood of messages for the purpose of overloading the resources of a computer or network. By the time the victim tries to add the hacker’s screen name to the list of parties that the IM program should ignore, the computer may freeze or crash. Though DoS attacks tend to be more of a hassle and less of a threat than other types of hacks, they can be harmful when hackers combine DoS attacks with other security breaches such as shutting out users from their accounts to hijack systems.
- Privacy intrusion: Outside parties can capture information to use in malicious ways, and employees may not be aware of the ramifications of their IM conversations. Your business could be legally or financially at risk if your employees send confidential information that is subsequently gathered by outside parties. Many IM programs do not offer encryption, making it easy for a third party to eavesdrop on IM conversations using different types of programs such as packet sniffers. You can deal with this risk by enforcing an IM policy that restricts the type of information that can be exchanged via IM and setting up a system to encrypt IM conversations.
- SPIM: Similar to spam, spim consists of unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names. To reduce spim, advise employees against listing screen names on any public directories or websites, and also to configure their IM clients to accept messages only from an approved list of contacts.
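The approved-contact rule from the SPIM item and the message-flood pattern from the DoS item can be enforced together at a gateway or client hook. The sketch below is an added example, not code from any IM product; the class name, thresholds and sample messages are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class IMFilter:
    """Hypothetical inbound filter: approved-contact list plus flood blocking."""

    def __init__(self, approved, max_msgs=5, window_s=10.0):
        self.approved = {s.lower() for s in approved}  # screen names, case-insensitive
        self.max_msgs = max_msgs      # messages allowed per sender per window
        self.window_s = window_s      # sliding window length in seconds
        self.recent = defaultdict(deque)
        self.blocked = set()          # stays blocked until someone reviews it

    def check(self, sender, ts):
        s = sender.strip().lower()
        if s not in self.approved:
            return "reject:not-approved"      # spim from unknown screen names
        if s in self.blocked:
            return "reject:flood-blocked"
        q = self.recent[s]
        while q and ts - q[0] > self.window_s:  # drop timestamps outside the window
            q.popleft()
        q.append(ts)
        if len(q) > self.max_msgs:
            # An approved contact that floods may be a stolen or impersonated account.
            self.blocked.add(s)
            return "reject:flood-blocked"
        return "accept"

# Constructed sample traffic: (timestamp in seconds, sender screen name).
SAMPLE = [
    (0.0, "Alice"), (1.0, "promo_bot_17"),
    (2.0, "bob"), (2.1, "bob"), (2.2, "bob"),
    (2.3, "bob"), (2.4, "bob"), (2.5, "bob"),
    (30.0, "bob"), (31.0, "alice"),
]

def run_sample():
    f = IMFilter(approved=["alice", "bob"], max_msgs=5, window_s=10.0)
    return [f.check(sender, ts) for ts, sender in SAMPLE]

if __name__ == "__main__":
    for (ts, sender), verdict in zip(SAMPLE, run_sample()):
        print(f"{ts:5.1f}s {sender:<14} {verdict}")
```

The block is applied automatically rather than waiting for the user to add the sender to an ignore list, which the DoS item notes may come too late.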
There are several steps you can take towards creating a more secure IM environment for your business. You can educate employees, enforce company policies on the proper uses of IM, encrypt IM conversations, and install desktop firewalls and antivirus on all machines. Though those steps provide a good first line of defense, they are not enough if your employees are using IM to send secure information or conduct business. Therefore, you should consider corporate IM servers that will allow employees to send messages behind the business firewall to safeguard information from outsiders. Additional best practices include updating IM patches, installing and using vulnerability management tools, and securing IM logs.
There are many advantages to using IM in a business setting. If you and your employees choose to use this communication tool, you need to understand the security threats to IM and how to protect your business. Following the recommendations in this article and the IM Security: How To article can help you understand what you need to do to mitigate IM threats to your business.