The majority of companies have been able to install preventative tools such as intrusion prevention systems and antivirus software to help protect against malware, but those tools are usually not an end-all solution. The key is deploying capabilities and collecting logs to detect threats as well. This slideshow features five concerns to keep top of mind in the ever changing and evolving malware landscape, as identified by Jaime Blasco, labs manager at AlienVault.
Click through for the top five emerging malware threats, as identified by Jaime Blasco, labs manager at AlienVault.
Several high-quality exploits have been aimed at online banking this year, like the ZeuS and SpyEye Trojans. Trojans can do harm that ranges from social engineering exploits that encourage users to provide additional information to draining funds directly from accounts. These exploits infect through Web browsers as a drive-by download or gain access to systems through phishing emails.
Mobile devices are a perfect avenue for hackers to access corporate networks. In the advent of bring your own device (BYOD), where more and more users are accessing the Internet off of their own smartphones or tablets, organizations need to have formal discussions around how to allow and secure these devices. IT needs to get executive-level support on new policies on all devices across the enterprise.
There has been an increase of malware on Apple computers this year, especially on software that is present on both Mac and Windows systems, such as Java Plus. These shared apps make creating a cross-platform hack much simpler. Users must remember to not take security measures lightly on MacOS.
Attacks through social media platforms such as Facebook, Twitter, and LinkedIn are on the rise as cyber criminals plant exploits and malicious links on these sites. The main problem is that, if someone posts a Facebook link, friends are very likely to click on it — a huge problem when malware or a worm is used to exploit that trust.
Small- and mid-sized organizations should never assume that cyber criminals wouldn’t target them in an attack. Today, many smaller organizations have something that they want, whether it’s intellectual property or other information. Although it’s not terribly common, it does happen.