Friday, 20 May 2011

How social engineering threats jump from end-users to corporate networks… and what can stop them

Just as browsers have become more secure against cybercrime, hackers are turning their attention to the people using them. According to the article “Microsoft: One in 14 downloads is malicious,” social engineering attacks have blossomed into one of the most preferred criminal tactics for getting users to download harmful Trojans. With about 1 in every 14 programs downloaded by Windows users being some type of malware, Alex Stamos, a founding partner with security consulting firm iSEC Partners, said that if attackers can’t get past tougher browser defenses, they adopt new tricks that prey on people’s poor decision making.

Today, there are a number of different social engineering techniques that cyber criminals are using to deliver malware to end users, including:

  • Email from a friend: Users get a message from a friend telling them to view a video. When the link asks to download some required software, they are actually downloading a malicious program.



  • Spam: Hackers are using unsolicited email spam to send Trojan horses to individuals, hoping to dupe people into downloading fake advertisements that deliver malicious code onto their machines.


  • Spearphishing: Criminals create a maliciously encoded document that the victim is likely to open, such as a follow-up from a recent conference or a planning document from a partner organization.


  • Fake AV warnings: Criminals are hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Downloading these will infect a machine.


  • Malicious websites: Hackers trick search engines into linking to malicious websites that look like they have interesting stories or video about the hottest news topics.

While these threats can be perceived as consumer-related issues, businesses only need to look at this information with regard to “their employees” to understand how social engineering attacks can jump from end-users to corporate networks. The fact is, if an employee is tricked into downloading malware, the infected machine, once connected to a network, can put corporate data and systems at risk.

The truth is, we will never be able to control our employees’ online behavior. Nor is it realistic to train or retrain every employee perfectly. Because of this, the key to preventing malware attacks is to stop the payload from getting on the network. Application whitelisting does this by preventing any unauthorized application from executing on a machine, no matter how the malware is delivered.

By: JT Keating
