Five Years After LoveLetter, Are We Smarter or Safer?

It’s been five years since the LoveLetter worm hit the Internet, becoming

one of the first global malware outbreaks and one of the costliest.

The question is, though, are we any smarter today than we were back then?

And are we any safer?

Some security experts and industry watchers say we simply are not.

”For the average user, the answer is that they are not any smarter or

any safer,” says Steve Sundermeier, a vice president at Central Command,

an anti-virus company based in Medina, Ohio. ”May’s Sober and Mytob

variants are all mass-mailing attacks that appeal to people’s curiosity.

Five years ago we learned about this social engineering tactic, so today

you’d think lessons would be learned, but obviously they haven’t been.”

According to some estimates, the LoveLetter worm, also widely known as the I Love You worm, caused about $8.8

billion in damages and lost productivity. The malware used what was then

a new form of online trickery — social engineering. Arriving in users’

inboxes appearing to be from family and friends, it used the enticing

subject line ‘I Love You’. Eager to receive such sweet tidings, millions

of users were duped into opening the dangerous email, infecting their

computers.

After LoveLetter came many more viruses and worms that used social

engineering to trick people into opening executables and downloading

malicious code. Teaching employees to beware of these schemes became a

key part of IT’s job.

But the tricks are still coming, and we’re all still falling for them,

according to Sundermeier.

”I would say it’s five years later and home users are just as dumb,” he

adds. ”For corporate users, it’s better, but we still need more user

education. There are always different vectors for infections. IM software

is becoming a problem… People are downloading file sharing programs and

worms are entering there… When employees go home, they go online with

their work laptops and they bring viruses back to the office.”

Andrew Jaquith, a senior analyst at the Yankee Group, an industry analyst

firm based in Boston, says corporate IT managers are using a lot more

tools and technologies to safeguard their companies, but that doesn’t

mean they’re a whole lot safer.

”When car makers put anti-lock brakes on cars, people started driving

faster,” says Jaquith. ”It’s called the security compensation theory. I

think a lot of the controls we put in place are helping, but they’re not

necessarily making us more secure because the threats are spreading

elsewhere or we’re changing our behaviors — for the worse — because we

feel more secure.”

And Jaquith says the tried-and-true social engineering tricks are working

just as well today as they were at the beginning.

”If you send a clever enough subject line, like ‘the memo you requested’

or ‘Britney Spears naked’, some people are still going to open that

email,” he notes. ”We’re largely a little smarter than that now. People

generally know that promises of Britney Spears unveiled aren’t what they

appear to be. We tell our kids, ‘Don’t accept rides from strangers’. We

should tell our workers, ‘Don’t accept emails from strangers’.”

But Ken Dunham, director of malicious code at iDefense, Inc., a security

and anti-virus company, says it’s unfair to compare today’s security to

what we had back in the year 2000. As security levels increase, so does

the maturity of the attackers. IT and security administrators may be

trying harder and using more and better technology, but they’re also up

against a bigger and more aggressive foe today.

Where we’re not advancing is with improving user interaction and use

training, he says. ”People are people and you can train all you want.

There’s no magic bullet.”

Jaquith says company users are the big problem when it comes to security

a network, adding that most users would probably give up their password

to a stranger for a piece of chocolate.

”P.T. Barnum had it all wrong,” he says. ”There are dozens of suckers

born every minute.”

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020