Security experts estimate that Conficker, a particularly malicious worm targeting MS Windows, has already infected more than 7 million computers around the world.
Last year, there was much hype that the Conficker worm would cause an April 1 meltdown, although security researchers said such fears were greatly exaggerated. Symantec nevertheless says the botnet could still "wreak havoc."
But worms are not the only threat out there. As IT Business Edge blogger Mike Vizard explains:
"The problem is that the way we approach data security these days is largely defined by the way IT sees the world, which is through layers of horizontal products and technologies. What IT doesn’t really have a handle on is what specific individuals have access to what kind of information because they are associated with a specific business process or task."
These are just some of the major threats that Symantec Hosted Services says are facing companies. Click through to view the top five security threats you should be on the lookout for.
Malware such as viruses, worms and Trojans can lead to data theft and loss of intellectual property. More than 90 percent of spam e-mails include hyperlinks, some of which may lead to malware being installed on a vulnerable PC. One particularly nasty type of attack is the “Targeted Trojan.” Page 31 of the MLI annual report for 2009 includes much more detail on targeted Trojans. A multi-tiered approach can remove such threats at each level of exposure: filtering unwanted e-mails at the Internet level before they are delivered to the inbox; appliances at the gateway perimeter, which can monitor for certain patterns of activity, block unwanted traffic and generate alerts; and the endpoint itself – the last line of defense.
Example: Huigezi – a Targeted Trojan dropped via PDF exploit. It spies on audio and video communications in addition to Web, e-mail, IM and others. It is most commonly used for industrial espionage.
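The multi-tiered filtering described above, as an added illustration that is not code from the original page or from Symantec: a small Python mail scanner that applies the first two tiers (hyperlink checks, then attachment checks for executables and PDFs carrying active content, the delivery route named for Huigezi) to a constructed lure message. The blocklist, marker list and sample message are all constructed placeholders.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed placeholders standing in for a hosted service's real reputation feeds.
BLOCKED_DOMAINS = {"update-security.invalid"}
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".js", ".vbs"}
PDF_RISK_MARKERS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction")
URL_RE = re.compile(r"https?://([^/\s\"<>]+)[^\s\"<>]*", re.IGNORECASE)


def build_sample_message(lure: bool = True) -> bytes:
    """Constructed message: a 'confirm your details' lure with a link and a PDF dropper lookalike."""
    msg = EmailMessage()
    msg["From"] = "it-helpdesk@update-security.invalid"
    msg["To"] = "employee@corp.example"
    msg["Subject"] = "Action required: confirm your mailbox details"
    if not lure:
        msg.set_content("Minutes from today's meeting are in the shared folder.")
        return msg.as_bytes()
    msg.set_content("Confirm your account at http://update-security.invalid/confirm now.")
    # Minimal PDF skeleton whose catalog triggers JavaScript on open (constructed, inert).
    pdf = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
           b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n%%EOF\n")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


def scan_message(raw: bytes) -> dict:
    """Tier 1: hyperlinks in the body. Tier 2: attachments. Returns findings and an action."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    link_domains = {m.group(1).lower() for m in URL_RE.finditer(text)}
    for domain in sorted(link_domains & BLOCKED_DOMAINS):
        findings.append(f"link to blocked domain {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"executable attachment {name}")
        if data.startswith(b"%PDF"):  # check content, not the extension, to catch renamed files
            hits = [m.decode() for m in PDF_RISK_MARKERS if m in data]
            if hits:
                findings.append(f"PDF {name} with active content {hits}")
    action = "quarantine" if findings else "deliver"
    return {"links": sorted(link_domains), "findings": findings, "action": action}
```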
Not every company has one and fortunately they are few and far between, but their maverick behavior can result in all sorts of problems for an organization. At one end of the scale, someone may be wasting too much time on the Internet and not getting on with their work, but these can be managed through the use of acceptable usage policies and management controls to track such activity and deal with it accordingly. At the other end of the scale, you may have someone installing unauthorized software or accessing illegal materials online, such as adult content, copyrighted software, music and videos. Having a policy in place to manage this type of behavior is one thing, but monitoring it and applying it firmly is quite another. Having the right access controls and authentication mechanisms in place to audit behavior and inappropriate activity is sometimes overlooked.
Even with the right policies in place, access to the Internet is now often a necessary part of many employees’ daily routine. The risks can still be high, especially from drive-by attacks from visiting compromised websites, and from links shared over insecure IM channels. Drive-by attacks are no longer the preserve of the shadier parts of the Internet. The majority of Web-based threats that are blocked come from legitimate or compromised websites, such as fake profiles on social networking sites and webmail services. A drive-by attack can result in spyware being installed on a machine, or worse still – malware leading to data loss.
Example: Psyme – A Trojan Downloader. By simply visiting a legitimate website that has been compromised by Psyme, a user can unknowingly become infected with spyware or some other type of malware, such as a botnet. This sample was downloaded by visiting a website accessed through a hyperlink shared over IM.
Many organizations have an increasingly mobile workforce and as such, laptops may be lost or stolen, potentially with sensitive or confidential information on board. Malware attacks and attacks against the endpoint from compromised USB storage devices, media players and mobile phones can also result in a PC being compromised with malware. Most malware installs backdoor Trojans that enable attackers to gain access to compromised PCs as though they were sitting at the PC itself, enabling them to transfer confidential information or to install spyware that will record a user’s online activities, user names and passwords. Safeguarding a business’s intellectual assets, including e-mail correspondence, is key not only to being able to recover from a potential disaster, but also to respond appropriately when legislation demands, particularly for regulated industries where responding to legal discovery requests may be necessary.
Example: Conficker – Discovered by Symantec in November 2008, Conficker infected more than six million computers worldwide, becoming one of the most dangerous threats of 2008. Having remained relatively quiet since, it is now a generic dropper for other malicious software.
Security awareness training is an essential requirement for any organization employing IT. Employees should be trained to recognize social engineering attacks or “head hacking,” where the weakest link in the chain may be the users themselves, rather than an unpatched application or malware. Be suspicious of potentially targeted attacks and understand what the escalation process is. Individuals must take some responsibility for the overall IT security of an organization – not just the IT managers and security officers. They should be able to recognize typical scams such as advance-fee fraud (commonly known as 419s) and phishing attacks, and report missed spam e-mails. Adherence to the IT policies is important, and understanding the reasons behind them is critical to ensure employees remain committed and don’t become rogue.
Example: Phishing – Phishing continues to be a serious problem, with many computer users finding it difficult to distinguish phishes from legitimate e-mails. There are several common “angles” for these attacks. Some, like this example, require the recipient to confirm their details, often under the guise of enhancing security.