London, New York, Hong Kong - 6 December 2004 - MessageLabs, the leading provider of managed email security services to businesses, today released its 2004 Email Security Trends and 2005 Predictions report.

The report found that phishing-related online identity theft has established itself as the principal threat of 2004 and may signal the beginning of a wave of email attacks targeted at individuals and small groups of companies. This puts business firmly on the front line in the fight against online attacks, according to MessageLabs, the leading provider of managed email security services to business worldwide.

In September 2003, MessageLabs intercepted 279 phishing emails and by September 2004, that figure had risen to more than two million. During the course of 2004, MessageLabs intercepted more than 18 million phishing emails.

The perpetrators of phishing attacks have also developed new techniques to increase their chances of success. Recently, phishing emails have been designed to capture online banking details automatically when a user opens the email, rather than when the user clicks on URL links within messages. Phishers have also attempted to dupe unsuspecting users into becoming middlemen for money laundering operations.

Spam and virus ratios also rose over the last 12 months, according to the MessageLabs Intelligence End of Year Report 2004. During the year, the virus infection average ratio was 1 in 16, compared to 2003 when it was 1 in 33. The most widespread outbreak of 2004 was W32/MyDoom.A, which hit in January. The average percentage of email identified as spam in 2004 was 73 percent; in 2003, the average was 40 percent.

MessageLabs also witnessed tailored malicious activity ranging from blackmailing online gaming sites with Denial of Service (DoS) attacks to threats to send out child pornography in the name of a particular organization. Recent evidence also suggests that Trojans and other malicious code have been developed during 2004 specifically to compromise particular organizations, a trend that MessageLabs expects to continue in 2005.

“As predicted at the start of the year, email security attacks remain unabated in their persistence and ferocity. The major development of the year has undoubtedly been the emergence of phishing – in just 12 months it has established itself as a threat to any organization conducting e-commerce,” said Mark Sunner, chief technology officer of MessageLabs.

“We believe that the targeting of certain companies characteristic of phishing attacks could signal the beginning of a wider trend. Already, businesses are being threatened and blackmailed, which could indicate a shift from random, scattergun approaches to customized attacks designed to take advantage of the perceived weaknesses of some businesses.”

As well as the threat from targeted fraud, MessageLabs sees that other top-of-mind issues facing IT departments and executives is regulatory compliance. Laws related to financial reporting and disclosure require companies to have policies for monitoring, securing, reporting and archiving all business transactions, including email and instant messaging correspondence.

“Compliance is a big concern already and many firms have yet to grasp the impact it will have on the administration, management and security of email. Failure to comply could not only lead to potential legal problems, it could also threaten a company’s credibility and reputation. It is vital to ruthlessly evaluate email management solutions and consider current and potential future regulatory requirements when deciding how best to ensure compliance,” said Sunner.

The Statistical Monthly Breakdown for 2004



2004 Month
Viruses
Spam
Phishing

January
1 in 129 (0.1%)
1 in 1.6 (63%)
337,050

February
1 in 19 (5.1%)
1 in 1.7 (60%)
259,014

March
1 in 43 (2.3%)
1 in 1.9 (53%)
215,643

April
1 in 10 (9.5%)
1 in 1.5 (67.6%)
205,953

May
1 in 10 (9.1%)
1 in 1.3 (76%)
247,027

June
1 in 10 (9.3%)
1 in 1.2 (86.3%)
264,354

July
1 in 14 (7.3%)
1 in 1.1 (94.5%)
2,493,734

August
1 in 15 (6.9%)
1 in 1.2 (84.2%)
3,015,685

September
1 in 21 (4.8%)
1 in 1.4 (72.1%)
2,098,012

October
1 in 32 (3.1%)
1 in 1.3 (76.8%)
4,838,962

November
1 in 33 (3%)
1 in 1.4 (73.8%)
4,522,495

AVERAGE
1 in 16 (6.1%)
1 in 4 (73.2%)
18,497,929

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 30,000 clients ranging from small business to the Fortune 500 located in more than 100 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com.

Media Contacts:

US:
Marissa Vicario, MessageLabs, +1 646 519 8116, mvicario@messagelabs.com,
Hill & Knowlton for MessageLabs, +1 212-885-0552, messagelabs@hillandknowlton.com

EMEA:
Paul Wood, MessageLabs, +44 (0) 1452 627705, pwood@messagelabs.com
Weber Shandwick for MessageLabs, +44 (0) 20 7067 0500, mlukpr@webershandwick.com

APAC:
Andrew Antal, MessageLabs, +61 2 8208 7171, aantal@messagelabs.com
Spectrum Communications for MessageLabs, +61 2 9954 3299, messagelabs@spectrumcomms.com.au