Tag Archive | defense in depth

October is National Cyber Security Awareness Month

NCSAM official image (Department of Homeland Security)

Cyber security awareness is so important, and we’re going to display a few things you should be aware of this month, for you to try to make capable changes to your personal or business security perspective. You will notice some of the information below is linked to different posts here on the blog. This should help you understand each topic better! Please don’t be afraid to use each of the links below to learn more about protecting your system(s).

  • Email is one of the biggest attack methods. Since users are still highly dependent on email, it is so critical that email systems get fixed. Spam can be so cunning that it may disguise itself as your friend, someone you trust, or a bank. The main target in these spam attacks is phishing, which will allow an attacker to trick you into doing something or giving away personally identifiable information.The goal is to also download malware on to your computer, which can be used to take control of your computer and steal much more personal information. Some emails may claim to be a legitimate organization sending you an attachment, but it’s purpose is to distributed malware on your computer. It is best to secure email systems against spam. This can be done using a variety of products whether hardware or software. Make sure to secure your system(s) with the latest spam fighting utilities. Also, securing Outlook or Windows Live Mail is beneficial.
  • Instant Messaging still seems to be a vector for malware attacks. Just when people drop their guard about IM security, a new band of threats affects users. Most IM attacks come in the form of spam, a message from an apparent trusted friend, or a phishing attempt/scam from a legitimate looking company. A lot of the time, when the message appears from a trusted friend, it usually means that person’s IM account or email account has been hacked and the attacker has mined the email addresses or IM addresses in order to send you these attacks. It is important to have a good Internet Security product that protects against IM attacks along with network defense.
  • Exploits are the most common cause of infections on computers these days. Many of the exploits have been caused by out-of-date Java plugins or Adobe Flash Player plugins (or even fake Flash Player), among other types of plugins for your browser. Other exploits come in the form of advertisements that are catered to your interests, by the use of tracking cookies, which when you click on the ads it can lead to a site that will immediately download malware and attempt to take control of your computer.Those are just a couple of examples of why you need Internet Security protection as declared just above in the explanation for IM security. Also, having a second-opinion malware scanner can make sure that things don’t get missed, giving you maximum protection. Working on a defense-in-depth strategy for your computer can be a great way to avoid exploits.
  • Downloading and installing untrusted software products is a good way to get infected with viruses, spyware, and other threats and malware. Using tools such as Web-of-Trust for your browsers is a key idea in managing whether a site is safe. Also, reading reviews for the product you are getting ready to download and purchase will help you make an informed decision. It is important to have Total Internet Security protection, as stated above in IM security. Please refer to the “Internet Security product” link for more information on securing your system(s) with protection mechanisms.

There are many more vectors of cyber security problems. It is important to use the methods described above as well to secure your system(s) from attacks from cybercriminals.

Summary of mitigating most attacks:

LifeLock

New Trojan Malware Targets All Platforms

Most malware analysis these days targets Windows machines. However, trojans are becoming more interesting. Hackers create these trojans, and want to get backdoor access to any machine.

Trojan malware has stepped up game. Hackers want more access, so trojans are being created to target multiple platforms. Imagine the payload of a trojan being targeted to Windows, Mac, and Linux.

Due to recent discoveries of this multi-platform malware in a Columbian Transport site. A JAR (java archive) is used to detect what OS the user is running, and then the trojan is sent to infect the specific OS. And of course, this is all too similar to the Boonana Worm. Or how about the first cross-platform worm: Badbunny. Yeah, not so dumb now.

Keep an eye out or ear open for the latest in multi-platform malware. Predictions show that this will be an ongoing problem. Good thing we’ve nipped it in the bud. But, of course, studying all of the latest new threats is a key target here at seCURE Connexion.

One of the main things we look for in malware now has to do with whether or not it is multi-platform. If it has different inferences for different platforms, we want to discover it.

Also, one thing to keep in mind, that this is also a way to exploit Java by using it to gain temporary access to the operating system in question, and then gaining permanent access afterward by infecting the system. It’s an exploit-in-depth process to make sure each exploit is targeted at the said platform.

Web-based malware is also increasing, and languages like Ruby, Java, and Flash are all at risk. Since they are web-based languages, they need to be watched for vulnerabilities much closer than basic software languages, such as C++, C#, Delphi, etc.

What is even more interesting is the factors it uses to infect the system as well. Exploit traps work best, when they evade antivirus programs, know what platform they will be working on, and if the vulnerability exists to conduct the exploit. This is what we call “exploit-in-depth” (EID).

How can we counter this EID? By conducting defense-in-depth control over our computers. No matter the type of OS you have, the danger for malware will lurk around.

%d bloggers like this: