Friday, 20 May 2011

How social engineering threats jump from end-users to corporate networks… and what can stop them

Just when browsers have become more secure against cybercrime, hackers are turning their attention to the people using them. According to the article, “Microsoft: One in 14 downloads is malicious,” social engineering attacks have blossomed into one of the most preferred criminal tactics for getting users to download harmful Trojans. With about 1 in every 14 programs downloaded by Windows users being some type of malware, Alex Stamos, a founding partner with the security consulting firm Isec Partners, said that if attackers can’t get past tougher browser defenses, they are adopting new tricks that prey on people’s poor decision making.

Today, there are a number of different social engineering techniques that cyber criminals are using to deliver malware to end users, including:

  • Email from a friend: Users get a message from a friend telling them to view a video. When the link asks them to download some required software, they are actually downloading a malicious program.
  • Spam: Hackers are using unsolicited email spam to send Trojan horses to individuals, hoping to dupe people into downloading fake advertisements that deliver malicious code onto their machines.
  • Spearphishing: Criminals create a maliciously encoded document that the victim is likely to open, such as a follow-up from a recent conference or a planning document from a partner organization.
  • Fake AV warnings: Criminals are hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Downloading these will infect a machine.
  • Malicious websites: Hackers trick search engines into linking to malicious websites that look like they have interesting stories or video about the hottest news topics.

While these threats can be perceived as consumer-related issues, businesses only need to look at this information in regard to “their employees” to understand how social engineering attacks can jump from end-users to corporate networks. The fact is, if an employee is tricked into downloading malware, the infected machine that is connected to a network can put corporate data and systems at risk.

The truth is, we will never be able to control our employees’ online behavior. Nor is it realistic to train or re-train every employee perfectly. Because of this, the key to preventing malware attacks is to stop the payload from getting onto the network. Application whitelisting does this by preventing any unauthorized application from running on a machine, no matter how the malware is delivered.

By: JT Keating

Wednesday, 11 May 2011

Cloud security: Protecting critical data is job #1…

Cloud computing has certainly taken its share of hits lately. Last month’s Amazon outage created a lot of chatter and analysis around the reliability and availability of cloud-based services. Despite what pretty much amounts to growing pains for cloud computing, most everyone agrees that businesses will continue pursuing cloud services for the many cost and competitive advantages that the cloud promises.

The one thing that these types of events bring to light is the importance of security with cloud providers. According to the recent article, “Symantec executives caution customers on cloud provider security,” as more and more businesses turn to cloud services, they need to hold their providers to the same security standards that they adhere to themselves, because they can still be liable if their data is breached.

Whether an organization’s business assets are on-premise or reside in the cloud, securing critical data needs to be the No. 1 priority. The top challenge is finding an anti-malware solution that protects data without compromising the productivity of its systems. Unfortunately, using traditional antivirus products alone is not the answer. For many companies that continue to rely on antivirus solutions to protect their networks, the challenge remains because of two significant factors.

First, antivirus can’t keep up with the tens of thousands of new malicious programs that surface every day. With about 55,000 new viruses popping up daily, catching all the “known” malware coming through is impossible with reactive antivirus products. Second, as blacklist-based solutions try to keep up, the constant scanning for threats and downloading of signature updates is eroding the overall performance of those systems.

As a result, organizations need a solution that provides maximum endpoint security without reducing system performance. Bouncer by CoreTrace does both. Using application whitelisting technology that doesn’t require file and system scanning or frequent signature updates, Bouncer stops the execution of any unauthorized applications without slowing down the system, in physical or virtual environments. Don’t just take my word for it; check out the Citrix Security Challenge page, where the short video, “Maximizing Security & Performance of Citrix XenDesktops with CoreTrace Bouncer,” received the most community votes. Even in the cloud, you can have security and performance at the same time.

By: JT Keating

Monday, 2 May 2011

Let’s make systems more secure, rather than blacklisting more efficient…

For the sake of argument, let’s say an anti-malware strategy combining cloud-based malware identification and information sharing capabilities could eliminate the bulk of malware. Even in a perfect world with perfect collaboration, such an approach will fall short of protecting enterprise systems against more sophisticated cyber attacks if it relies heavily on reactive blacklisting technology.

In the article, “IT security industry collaboration could eliminate 90% of malware,” Eugene Kaspersky, co-founder and chief executive of Kaspersky Lab, recently told attendees at Infosecurity Europe 2011 that identifying malware faster would reduce the number of initial infections to the point that it would break the business model of most cyber criminals.
“The number of initial infections will be so low that it will cost cybercriminals more to develop the malware than they are able to recoup.”
With all due respect to Mr. Kaspersky, there are two things that we take exception to in this article.

First, even in the best possible scenario where all the crowd-sourcing came together perfectly, you’re stopping 90% of nuisance, known malware. This kind of reactive approach is no solution for protecting our systems from the truly advanced, sophisticated targeted threats that are becoming the norm today.

Second, Mr. Kaspersky mentions whitelisting, but he uses the term inaccurately, in the same way most incumbent blacklisting providers do. True application whitelisting solutions enforce a whitelist of approved applications, thereby preventing the execution of all other applications (including zero-day malware, etc.). Incumbent blacklisting providers like Mr. Kaspersky, in an attempt to protect their revenue streams and compete against other blacklisting solutions, have bastardized the term whitelisting as a way to make blacklist scans more efficient. They are mangling the term to describe a process wherein the performance impact of blacklist scans is reduced because “whitelisted” (“known good”) files do not need to be included in blacklist scans. This does not make endpoints more secure; it makes blacklisting more efficient.

Instead of relying on reactive approaches to stop the vast majority of nuisance malware, application whitelisting solutions proactively prevent all unapproved code from running on a system, including new or unknown malware that remains under the radar of reactive, information sharing approaches.
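As an added illustration (not code from this blog or from CoreTrace), the following Python models the three execution policies contrasted in this post and the two above it: a true application whitelist that decides by default deny, a reactive blacklist that decides by default allow, and a blacklist that merely skips scanning known-good files. The sample "executables", the hashes and the policy functions are all constructed for the example.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"

def sha256(image: bytes) -> str:
    """Identify an executable by the SHA-256 of its contents."""
    return hashlib.sha256(image).hexdigest()

# Constructed stand-ins for executable file contents (not real binaries).
APPROVED_APP = b"MZ corporate-app v1.0"
KNOWN_MALWARE = b"MZ trojan dropper already in AV signatures"
UNKNOWN_MALWARE = b"MZ brand-new downloader with no signature yet"
TAMPERED_APP = APPROVED_APP[:-1] + b"1"  # approved app with one byte changed

# Hypothetical administrator-built allow-list and vendor-shipped blacklist.
APPROVED_HASHES = {sha256(APPROVED_APP)}
MALWARE_HASHES = {sha256(KNOWN_MALWARE)}

def whitelist_verdict(image: bytes) -> Verdict:
    """True application whitelisting: default deny. Only images whose hash
    is on the approved list may run; the delivery vector plays no part."""
    return Verdict.ALLOW if sha256(image) in APPROVED_HASHES else Verdict.BLOCK

def blacklist_verdict(image: bytes) -> Verdict:
    """Reactive blacklisting: default allow. Only known-bad hashes are blocked."""
    return Verdict.BLOCK if sha256(image) in MALWARE_HASHES else Verdict.ALLOW

def blacklist_with_known_good_skip(image: bytes) -> Verdict:
    """The 'whitelisting' the post objects to: known-good files skip the
    blacklist scan for performance; everything else still gets only the
    default-allow blacklist check, so the security outcome is unchanged."""
    if sha256(image) in APPROVED_HASHES:
        return Verdict.ALLOW
    return blacklist_verdict(image)

if __name__ == "__main__":
    samples = [("approved app", APPROVED_APP), ("known malware", KNOWN_MALWARE),
               ("unknown malware", UNKNOWN_MALWARE), ("tampered app", TAMPERED_APP)]
    for name, image in samples:
        print(f"{name:16} whitelist={whitelist_verdict(image).value:5} "
              f"blacklist={blacklist_verdict(image).value:5} "
              f"skip-scan={blacklist_with_known_good_skip(image).value}")
```

The unknown sample and the tampered copy of an approved application are the cases that separate the policies: only the default-deny whitelist blocks them.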

By: JT Keating