Fans of Resident Evil and The Walking Dead, rejoice.
For years now, you’ve been warning your co-workers about the impending apocalypse. It’ll probably be masterminded by an evil corporation, but it might be the product of some misguided organization blinded by its own hubris. Its motives will be honorable, but it will lose control, bringing about an unprecedented infection of the human race. If any of this sounds familiar to you, remove your tinfoil hat for a moment and get a load of this. According to the folks over at ZDNet, the zombies might already be out there. They’re not the zombies we all hope for, however: they don’t crave brains and they don’t make a viable target for a pickaxe to the skull. But they may very well be infecting the corporate networks of the world, and they could be a sign of things to come.
In an article entitled “Spam Zombies? They May be Alive and Kicking on Corporate Networks,” ZDNet’s Toby Wolpe discusses how, even though Bill Gates predicted the death of spam in 2004, we’re ten years out from that bold statement and nowhere near eradicating the nasty stuff. At the World Economic Forum in 2004, Gates spoke of a three-pronged approach to ending spam, ultimately stating that Microsoft was “pursuing all three approaches, and [that] spam [would] soon be a thing of the past.”
A noble sentiment from Lord Bill, but we’re in 2014 now and everyone knows that about 70% of all email is spam. And to make matters worse, it appears that much of the spam traffic that we’re experiencing is coming from behind corporate firewalls. It’s well-known that the US has been a major contributor to the spam problem for some time now, but that number just doesn’t seem to jibe when we consider the profile of your average spam-producing nation. It’s difficult to reconcile such a dominant spam footprint with the US, a country that just doesn’t fit the mold. ZDNet reports that the solution to the conundrum might reside in the size and highly-developed status of the US. “America’s 14.5 percent share of the total spam volume sent in the final quarter of last year owes more to the country’s population size and high connectivity than the presence of individual spammers.”
It’s probably the case that the spammers don’t reside in the US. The problem then becomes where the traffic is really coming from. The answer lies in the spam delivery system. “Although most spam originates from home users,” ZDNet reports, “evidence from recent data breaches demonstrates that remote-control malware inside corporate networks is a significant problem.”
Some of those breaches have been financial companies, and lest you think that we’re singling out the US, we’re not. We’ve seen plenty of corporate breaches in other countries. Only recently, in the UK, several banks were discovered to be infected by Conficker, with 20 incidents uncovered in 2013 alone. But because the US represents the largest single footprint for spam, what exactly is going on?
Well, spam is going on, and the sad truth is that users inside corporations are still clicking those disastrously dangerous links delivered through spam channels. To make matters worse, the landscape has become even more dangerous, with the separation between home and work becoming blurred by WiFi access points, bring your own device (BYoD), VPN connections, and loose security standards for mobile devices and mobile PCs. Add to that the posit that IT organizations probably aren’t doing a good enough job at training corporate personnel, and that they may not have clearly-defined training manuals, security updates, and policies in place, and it’s not difficult to imagine why corporate US has become infected. Again, remember that we’re not pointing the finger at the US. As ZDNet points out, the size and technical advancement of America amplifies the problem.
We’re certainly seeing how the problem is made worse by recent data breaches at Target and other US retailers. Whether it’s a case of the hackers being smarter than the security guys, or whether the delivery mechanism (spam) is simply too massive a footprint to be completely inoculated against, the harsh reality is that we could all be in trouble.
Remember Stuxnet. It was built on the back of Conficker, and all that nasty little piece of espionage code managed to do was take out nuclear centrifuges. It’s a pretty stark reality. If spammers can get inside the firewall, then they can begin to see what’s in there. And if we’re not doing a good enough job of catching it before it happens, then all we’ll be doing is trying to fix it after it’s happened.
Food for thought.