Malware as a service is exploding in popularity, this allows it to be distributed openly as a service by the creators. “Customers” pay a fee for the usage of the Trojan just as businesses would for cloud provided services. This essentially allows anyone to purchase the Adwind Remote Access Trojan (RAT) for a small fee, regardless of computer skills. Recent examples we’ve seen utilize .jar (java archive) files or .jar files inside .zip files.
Congratulations go out to AppRiver Senior SharePoint Escalation Lead David Petree, who was selected as a 2017 Microsoft MVP Award-winner.
It is no small feat to be named a Microsoft Most Valuable Professional Award winner. It is even more exceptional when you are named an MVP four years in a row. Not to mention being only one of nearly 1,500 technical experts worldwide to receive the honor.
Cybercriminals are nothing if not persistent. Part of that persistence comes in the form of reoccurring themes.
One of the most popular social engineering themes utilized in malware distribution over the past decade have come in the form of phony emails posing as a parcel delivery notifications. Think UPS, FEDEX, DHL or USPS etc…
The attackers tend to stick to what works. After all, why stray from the formula so long as some people are willing to click?
Nearly every day you read about a new malicious attack on computer networks of vital businesses around the world, and the attacks do not seem to be slowing down.
So what can businesses do to protect themselves? Aside from a mulit-layered security approach, businesses should have a secure backup process in place. Should they be infected, a backup allows them to wipe the affected device and reload their information.
Another crucial step is education for all levels of staff.
Often it is a company’s last line of defense – the employees – who accidentally unleash a malicious attack.
It is worth an employer’s time to educate employees on how to not fall prey to a savvy hacker because it just might save the company from costly attacks and hours of headaches. And as a trusted advisor, you’re in the best position to help.
SIMPLE STEPS TO HELP EDUCATE EMPLOYEES
Here are 5 tips you can teach end users to help keep hackers from wreaking havoc on your systems:
- Assume all file attachments are dangerous. Dangerous attacks often utilize common file types users are used to seeing – .doc, .xls and .pdf, etc. While not every file extension can launch an attack, users should treat all file extensions with skepticism.
- Stay alert for phishing emails. Only click web links within emails you absolutely are sure are authentic. Phishing emails typically come with typos and greetings such as “Dear Customer” or “Dear Sir/Madam.” Be wary of threats and urgent deadlines as these often are characters of phishing scams.
- Update system, software patches regularly. Security researchers show that installing system and software updates is the best defense against common viruses and malware online. Particularly for computers running Windows. Software makers often release updates to address specific security threats. By downloading and installing the updates, you patch the vulnerabilities that virus writers rely on to infect your computer.
- Be careful using public WiFi. Most businesses who provide public WiFi tend to have lax or nonexistent security – leaving the network and your computer vulnerable to hackers.
- Use complex and lengthy passwords. Use a combination of letters, numbers and symbols for your password. Do not use the same password for multiple accounts.
If you’d like to share this information with your customers and their end users, AppRiver has made it easy with THIS DOWNLOADABLE POSTER you can print and distribute.
On Friday afternoon, The Register published an article reporting a leak of 32TB of Windows builds and source code. This is a significant breach and could cause security concerns for Windows 10 users in the coming months.
All large software systems contain bugs – small mistakes made by the humans who programmed them. Some may only cause minor annoyances, such as text being the wrong color. Others can be dangerous, leaving users’ data exposed. It’s no surprise then that attackers who write malware are always on the lookout for such bugs.
Usually the hardest task for a hacker is finding them. That’s because Windows operating system code is compiled into assembly code designed to be read by processors. As a result, it is a slow, tedious process for humans to read through it all.
It may take hours or days to look over even a few hundred lines of code after they are compiled – and the Windows 10 codebase contains tens of millions of them. Given that volume, it is entirely possible Windows 10 contains vulnerabilities that have not yet been found and patched.
That’s a serious security issue because, unlike assembly code, the source code that was leaked is designed to be read by humans. Now that it’s available, more attackers can study its contents and write malicious programs to exploit it.
That’s the bad news. The good news is that Microsoft will surely be working even harder to find any bugs before the bad guys do. So, it’s a good idea (always, but especially now) to install any software updates immediately. They will contain the patches to any vulnerabilities Microsoft identifies.
In addition, this is a good time to review your company’s overall security posture and make sure you don’t have any gaps. If you’d like more information on how to build layered security, visit our website and download our free whitepaper.