Postini has been on the front lines in the battle against spam since 1999, so it was a great opportunity for me to get a chance to speak with Dan Druker, Executive Vice President of Postini, about current and future threats against email and the internet.
"Virtually everyone who is listening to this will have seen an explosion in threats and attacks on the internet really starting in the 4th quarter of 2006. We process more than a billion messages a day at Postini and what we have measured is a dramatic shift in the world of internet threats," Druker said.
Druker then detailed the recent change in methodology: "The source of spam has gone from the ISPs that are weak in terms of usage policies to now these things called botnets, which are networks of more than a million infected personal computers connected to high-speed networks that are controlled by these criminal networks. It is grid computing gone bad, and it's changed the amount of bad stuff on the internet to record levels. We measured in December almost 95% of all messages on the internet are unwanted or malicious."
This goes hand-in-hand with the major shift in the people perpetrating these cybercrimes. "Today, criminals have learned that committing internet crime is a way to make money at very low risk of getting caught and make a lot of money." Criminals are now hiring computer scientists the write malicious code. Druker goes on the say that malicious software has two main goals: "First, steal your personal information to commit identity theft and fraud off of personal computers. Second, they're designed to harness these personal computers to turn into these botnets."
"This is related to the bad guys getting more sophisticated. So what you're really describing is multi-channel threats. What's happening is that they're trying to get around your natural human inclination to be suspicious. So the attacks are more real time then ever before."
Druker explained that this represents the future of internet threats: Web 2.0. "The bad guys are also using Web 2.0 communities to do phishing attacks. You're more likely to respond if you think you're getting a note from you're friend from YouTube or one of the other community sites. The attacks are very sophisticated and often times you simply can't tell that an email is not coming from your bank and the site you're being redirected too isn't really it. It's very difficult and it's driven by how good the bad guys are getting."
Also, for a company processing over 1 billion messages a day like Postini, I was quite interested to hear Druker's prediction on what to expect in 2007. "We've had two of the largest intent worms in history have hit in the last 45 days. These worms were designed not just to steal information but to also infect more to grow the botnets. That means that the amount of spam and viruses, going into the first half of 2007, will be the largest it has ever been, simply based on more computers around the world infected to spew the stuff."
"The second prediction we'd make is that web 2.0 is taking off so quickly that...what we see is a tiny percentage of businesses even have a policy in place about web 2.0. I mean, what is the policy on leaking confidential information out of the company via blog and chats. Are users really aware that there is danger in YouTube and MySpace and securing that access?"
The solution: "Postini's job is to simply make this problem go away. Postini is a communication security and compliance company." Drucker then said, "We sit in front of our companies business and we block threats from email, instant messaging and the web. When you turn Postini service on 94% of your email traffic will simply go away because we're blocking out all the bad stuff out in the internet before it ever gets to you. We do the same thing for instant messaging traffic and for web as well. We protect it from those attacks and keep you safe."
But those are just the highlights; give the entire podcast a listen.