Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

ISPs Under Pressure To Crack Down On Bots And Spam

Costs of outbound spam and pressures from new laws and regulations driving Internet service providers to clean up their own networks

For Internet service providers, e-crime is not cheap.

The problem of customers' compromised computers sending spam can dramatically impact an ISP's bottom line, according to a survey by Osterman Research released today: Nearly 40 percent of ISPs had their IP addresses blacklisted by the Real Time Blackhole Lists (RBLs) in the past year. A blacklisted mail server could lead to dropped e-mail -- and an increase in support calls to the ISP.

The outbound spam issue highlighted by the report is one example of the business issues that compromised computers pose for ISPs. One in six providers spends more than $100,000 attempting to prevent outbound spam from impacting their business, according to the report, which was funded by e-mail security service CommTouch.

"I haven't found a service provider that does not have at least a couple of people tasked with dealing with outbound spam," says Asaf Greiner, vice president of product for CommTouch. "If you don't deal with outbound spam, you run the risk of having your IPs blocked."

Nearly half of respondents said outbound spam adds to their costs of doing business, wastes time for the IT departments, damages their reputations, and affects their customers' service levels.

The outbound spam problem is just one way Internet service providers are being driven by regulatory and market forces to pay more attention to the security of their customers' networks. Some Internet service providers have already embarked on initiatives to clean the traffic flowing through their systems. ISPs in Australia, for instance, have signed an agreement to notify consumers if a PC is compromised by malicious software. Those ISPs could curtail the compromised computer's bandwidth to slow the spread of harmful code. In the Netherlands, more than a dozen ISPs have agreed to exchange information about security issues, notify users if their system is compromised, and block traffic from infected systems, essentially quarantining users.

"I am a firm believer in the role of ISPs helping to protect customers against security threats," said Jose Nazario, senior researcher at network security firm Arbor Networks, in a recent interview. "It needs to go beyond the practices that we have seen in the past, beyond blocking traffic and protecting the network, to protecting customers themselves. If they are spamming the network, they are going to get their traffic dropped. That is a significant business impact."

ISPs' security measures, however, have to strike a delicate balance: Block too many compromised users and the support calls could beggar the business, but block too few and the ISP runs the risk of government intervention or being added to the blacklists. A single customer call can cost an ISP as much as the profit from the customer over two years, says Nazario.

Yet if large ISPs tackle the issue of compromised computers in their networks, the problem of spam is solvable, according to a paper presented this week at the Workshop on the Economics of Information Security. Researchers from Delft University of Technology in the Netherlands, Michigan State, and Trend Micro found that two-thirds of compromised IP addresses were located in the networks of the top 200 ISPs. The research analyzed more than 63 billion unsolicited e-mail messages during a four-year period, finding more than 138 million unique sources of spam. By correlating the source IP addresses with the networks maintained by Internet service providers, the researchers discovered that a small number of networks were responsible for the majority of spam. The top 50 networks, for example, accounted for more than half of all compromised IP addresses.

Convince those 50 ISPs to solve their customers' security problems, and you can make a significant dent in spam, says Michel van Eeten, professor of public administration at Delft University of Technology and one of the paper's authors.

"Those 50 ISPs ... are the ones we deal with every day, and so are more approachable and are in the reach of government," he says.

Yet a large problem for regulators and consumers alike is how to measure the effectiveness of ISPs' efforts to secure their networks. Internet service providers tend to pledge to clean up their networks, but in reality their efforts fall short. One large ISP, for example, removed 1,000 infected systems a month from its network, but it likely had 40,000 to 200,000 compromised computers sending out spam, van Eeten says. The gap between ISPs' promises and actions makes it difficult for companies and consumers to gauge which ones are taking security seriously, he says.

"There is no way for a consumer to assess any of the claims that a particular ISP cares about its security," van Eeten says.

Van Eeten and other researchers are attempting to create technology that can track ISPs efforts in tackling spam. If successful, such an effort could make the Internet less friendly for spammers.

"It is not about blocking the spam, but blocking the spammers," CommTouch's Greiner says. "Prevent their message from going out on your network, and you hurt their business."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis Group,  2/25/2020
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing Writer,  2/25/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9431
PUBLISHED: 2020-02-27
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
CVE-2020-9432
PUBLISHED: 2020-02-27
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
CVE-2020-9433
PUBLISHED: 2020-02-27
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
CVE-2020-9434
PUBLISHED: 2020-02-27
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
CVE-2020-6383
PUBLISHED: 2020-02-27
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.