In an effort to bring the messaging industry even closer together, the Messaging Anti-Abuse Working Group (MAAWG), which held its 24th General Meeting in San Francisco last week, announced a name change to better articulate the group’s focus.
Long known for its holistic approach to messaging abuse, the organization was originally founded in 2004 to specifically address the issue of spam. But overtime, the group has broadened to include abuse on any messaging platform. This month’s official announcement of the name change from MAAWG to M3AAWG – also known as M3 for Messaging, Malware and Mobile – demonstrates the groups hope to create a tighter circle around messaging security professionals.
“Messaging, Malware and Mobile, those are the places that the bad guys continue to push,” explains Jerry Upton, M3AAWG Executive Director. “We decided we would go with this M3 description of our work activities to make it easier for people to understand what our focus is. Fundamentally, we have been doing a lot of this work for a number of years. Now it’s more of a public statement.”
M3AAWG leadership also hopes that a better understanding of the group’s charter, will mean an even more collaborative approach to messaging abuse will result. As an example, Upton notes the organization has focused on bots since 2008, “We are just becoming more public around the additional areas we have been working on for a while in the hope that it makes it easier for our members to send their malware teams, and mobile teams, along with messaging teams.”
Michael O’Reirdan, in his fourth term as M3AAWG Chairman, puts it this way: “A quick online search produces over 14 million links to references connecting messaging and malware, yet in reality abuse professionals in these fields usually work autonomously. This isolation keeps companies in the dark and bestows a ‘divide and conquer’ advantage to the cybercriminals. M3 is the path forward because cooperative efforts among all these experts – messaging abuse, malware and mobile security professionals – is the only way to win this war.”
The need to focus on mobile is understandable, now that smartphones are so pervasive today. “It used to be in the mobile world you didn’t have to worry because there was 2,000 different platforms,” says Upton. “But today, the number of platforms is much smaller and the targets are much bigger. So now you have a computer that you carry, with more personal information than you put in your laptop, and it is connected to the Internet with a broadband pipe. All that makes you a great target. Bad guys spend an enormous amount of money going after the targets now.”
O’Reirdan believes people have not fully grasped the potential danger. “The psychology is that it’s a phone and phones are safe, but that is not the reality. The Apple infrastructure is pretty well protected, but you have this whole other Android thing where there is a little more scope for naughtiness. Google is doing some stalwart work to deal with it, but you do have a much more open platform. There is a lot of virtue in openness, as we know, but at the same time it comes with some degree of risk.”
Last week’s General Meeting featured panels on smartphone threats, discussions on how mobile platform abuse will affect senders, current malware trends, and a report on following malware money, among other sessions during the three-day, multi-track event.
Also announced during the week was the ambitious project to be the first program to report the number of bots logged by ISPs and network operators. Organized by M3, the bot metrics report effort is a part of a voluntary joint industry-government council under the U.S. Federal Communications Commission. The project is being developed in conjunction with the CSRIC Botnet Remediation Working Group 7, also chaired by O’Reirdan, as part of the FCC’s private industry-government cooperative to enhance online security.
“The botnet stuff is proving to be really interesting for a number of reasons,” says O’Reirdan. “There are a lots of ways to gather the data. The work that is going on at M3 is to establish a point where you can compare apples to apples.”
O’Reirdan explains that various ISPs and service providers are gathering bot metrics one way, while others are doing it another way. O’Reirdan says that a lot of the work going on with M3 bot metrics program is to get into a position to deal with the problem and be able to compare data and overcome the challenge of data derived from unlike sources and technologies. “It may well be very, very difficult,” acknowledges O’Reirdan.
The new CSRIC-requested report will measure the number of bot-infected users each quarter and participation is voluntary. Exactly when the first report will be available is unknown. “Predicting when a regular report might come out is still premature. It is going to be a multi-tiered effort with a number of organizations and a variety of different parts of the Internet doing different things.” All in all, O’Reirdan says, “It is quite a long term and complex project.”
The ultimate goal of M3AAWG name change is to build awareness that the messaging industry has to move beyond a siloed approach to better protect end-users. “Please refer to us as M-Cubed not M3, as we are not a BMW,” quips O’Reirdan. “Although we do move quickly.”
↧
MAAWG Alters Name to Better Reflect Concentration Areas: M3
↧