Threats, threats and more threats
MacAfee has just released a report (MacAfee Labs Threat
Report, December 2018) finding that Trojan threats increased significantly last
year. The major threats coming from those four horses of the Apocalypse :
banking Trojans, fake apps, backdoors and cryptomining. The most worrying of which is the 75% rise in
banking Trojans. These are usually
activated by emails asking for links to be clicked on or sending the receiver
to a spoofed bank site where banking details are mined. Others are spoofed emails purporting to come
from a bank and asking for attachments to be downloaded. The aim to be either to gain access to
banking details with a view to emptying the account or to download a virus that
can cause problems or once again mine for passwords and banking details. This means that staff training on how to spot
and avoid spoofed emails is either severely lacking or not effective.
Backdoors are the most worrying threat because it means that
someone has not only found a vulnerability in your system but they have also
been wandering around your network doing goodness what damage whilst
there. This is how data is stolen and
your company becomes a headline in the newspapers.
Fake apps mean that our staff are plugging their portables
into your network and introducing viruses via a false app they have
downloaded. It also means that your BYOD
policies are being ignored.
Cryptomining threats are a reasonably new one but one that
boomed in 2018 thanks to the virus being spread via cryptomining social media
sites. Even Kodi, the popular open
source media distributer, was changed to deliver the cryptomining virus.
So what do MacAfee suggest to avoid being infected with
malware? They came up with five
- Update your cybersecurity policies and ensure they are adhered to with respect to apps from unknown sources. It is suggested that if a text or email is received with a request to download information or a file, or with a request to click on a link, it is ignored even if it purports to be from a trusted source. A quick think and a little research will soon make you aware that banks will not send documents by email and none of them will ask for passwords and other personal information. Staff should investigate the email for poor English, unusual grammar or typos – all indicating that the email has not come from a professional company but more likely from a foreign country.
- Beware of strange emails especially from an unknown source and do not click on links. Be carefully with interacting with email senders and do not send company information even if requested.
- Go directly to the source of a company website rather than click on a link that may be spoofed. Often if a link is clicked it goes to a site that is spoofed to look like the real think. Similarly and not mentioned in the report, check any phone number that is provided in a website as it could be a premium link that will cost large amounts of money to phone.
- Use security software on mobile devices as well, particularly if they are plugged into the company network. Hackers are more sophisticated and the smartphone and tablet are not longer immune from viruses.
- Be aware and continually update your virus protection as well as your patching. Hackers and cyber criminals are continually finding new methods of introducing viruses and viruses are continually being designed. All to cause malicious activity on your network and technical infrastructure.
- MacAfee is a trusted name in virus protection so take their suggestions seriously – you know it makes sense so talk to Gaia Technologies