With the threat landscape changing, the methods of protecting corporate resource develop, too. However, the key principles stay the same: know your basic vectors of threats, minimize possible human factor and use appropriate automated means.
The main vectors of threats have recently morphed immensely. The first reason for that is certainly omnipresent mobile devices like smartphones and tablets, which have visibly ousted traditional PCs off the market. However, the main problem with them is that the most popular devices use Android. Malware authors abuse the openness of the system and the fact that users may install software not just from one centralized application store, as is the case with the devices on Apple iOS. As a result, in 2012 about 94% of mobile malicious programs were written for Android.
The popularity of the BYOD (Bring Your Own Device) concept, when company employees link up to corporate networks with their own devices, as well as the fact that smartphones and tablets are widely used for payments and banking, have also deliberately attracted the attention of criminals.
One might say that mobile banking has not yet become mainstream, but it must be a matter of time. Nevertheless, cybercriminals have already learned to bypass notorious two-factor authentication by using mobile malware like ZeuS-in-the-Mobile (ZitMo), SpyEye-in-the-Mobile (SpitMo) and Carberb-in-the-Mobile (CitMo). These programs work in conjunction with Trojans Zeus, SpyEye and Carberb and can intercept messages with numbered one-time passwords that serve to confirm transactions. As a result, attackers gain access to user’s bank accounts.
Another new vector is ubiquitous social networks that hackers have already infiltrated to spread malicious applications or links to infected web pages. It should be also kept in mind that avid social networks users like to post a great deal of personal information, which attackers eagerly collect and use for their purposes, that are not virtuous by far.
The more traditional threats are still present though – spam distributing malware, exploits and the above mentioned infected websites. Phishing is not something particularly new either, but phishers have lately took to applying increasingly sophisticated methods of carrying out their attacks, and now they are as serious a threat as Trojans or zero-day exploits.
The listed threats above show that although technical means to provide a reliable kind of protection, now it must be much more versatile than, for example, ten years ago. Until very recently, however, the popular opinion had prevailed that an antivirus was enough to protect the entire IT infrastructure. That’s been wrong for a long time now though. Modern protection means should comprise various tools that allow the blocking of not just malware, but all the other threats, using all up-to-date technologies to prevent penetration of malware into the corporate infrastructure as well as attempts to attack and exploit vulnerabilities in software. These technologies are described in detail in the new Kaspersky Lab’s survey “The Threat Landscape 2014“.
Automated tools can reduce the risk and burden of the IT department, because the amount and complexity of their work increases exponentially as the entrusted infrastructure of the company gets more and more compound.
It’s not reasonable though to focus on one kind of threat like, for example, viruses and Trojans, to the detriment of the rest of the threats out there. If the company’s infrastructure is provided with the latest antivirus and antiphishing tools, but any known vulnerable software like Adobe Flash or Oracle Java are not being updated for months, then the probability of intrusion is never less than without any antivirus at all.
All efforts of an IT department may also be futile if employees are not able (or not trained) to comply with minimum security measures when working on the Web. If they do not know that using the same password on ten resources is sure to bring troubles, or if they are not aware that there is malware not just for computers but also for mobile devices. Staff should be trained to know this information and kept up with the constant changes in the threat landscape and new malware tools and techniques emerging. “The Threat Landscape 2014” survey provides the needed guidance about how to do that the best way. You may read it here.