The current threat landscape is an overwhelming thought for MSPs. It's hard to feel safe when you read through the biggest data breaches of 2015. Back in February, the second largest health insurer in the United States, Anthem, suffered a breach that exposed 80 million patient and employee records. Anthem barely had enough in cyber insurance despite the fact that it covers up to $100 million, an expense unimaginable for small-to-medium-sized businesses (SMBs).
In our upcoming webinar, Demystfying the Threat Landscape, our Antivirus partner, Webroot, will examine the modern threat landscape and discuss the shortcomings of traditional antivirus, as well as explain how organizations can stay ahead of the malware curve. The webinar will be taking place on October 20, 2015 at 2 PM ET so don't forget to save your spot here!
A big part of avoiding data breaches is making sure you avoid data-compromising actions. The war on malware is an uphill battle. Cybersecurity races against the constantly changing malware curve, so it's important to stay updated! Everyone's heard of user error when it comes to cybersecurity, but it's not the only cyber risk out there. Here are three malware vulnerabilities you need to address:
1. Windows Update Drivers
Blackhat 2015 announced new Windows update vulnerabilities that can compromise your Windows Enterprise. The risk is there when "Windows update essentially retrieves and executes code over the network and can be performed by non-privileged users." The code doesn't necessarily come from Microsoft. In fact, sometimes, it's third party hardware drivers with code running from the kernel. The situation worsens when hardware vendors get involved and submit the drivers to be distributed by Windows Update. The drivers need to be signed, but Microsoft won't necessarily sign, which leaves all of the code quality to the vendor. To learn more about how to update Windows the safe way, read this blog post by Webroot!
2. Malicious Emails
Webroot recently intercepted a "currently circulating malicious campaign, impersonating Barkeley Futures Limited, tricking users into thinking that they've received a legitimate customer daily statement." Cybercriminals are constantly innovating new ways to systematically and persistently update their "spamvertising" to trick people into thinking the emails they receive on a daily basis are safe, though they are actually malware. This is also true for "Notification of Payment Received" emails, "Computer Support Services" emails, "Monthly Invoice" emails and more. Check out a screenshot of the email below, and click here to read the rest of Webroot's blog post on the subject.
3. DIY Keylogging
Webroot has detected another form of sneaky, damaging malware. Cybercriminals are "releasing DIY (do-it-yourself) types of cybercrime-friendly offerings, in an effort to achieve a malicious economies of scale type of fraudulent model." Webroot recently spotted a DIY keylogging based botnet/malware generating tool. The picture below gives you a little peek inside its Web-based interface and exposes the cybercrime-friendly infrastructure behind it. Thanks Webroot! Click here to access the full post which includes more pictures of the cybercrime-friendly interfaces for you to beware of!
Webroot's blog is a great resource for you and your end clients to follow to get the latest developments on malware, gateway breaches, phishing tactics, device-spying and other threats. The blog is created to help computer users, IT professionals and researchers manage the challenging threats of the digital world. To hear more from Webroot, join us for our webinar, Demystifying the Threat Landscape. Don't miss out on the opportunity to ask industry experts your burning security questions and to learn how you can best defend yourself from the current threat landscape.
Watch our webinar to learn how to stay ahead of the malware curve!
- The Threat the FBI’s Internet Crime Complaint Center (IC3) Wants You to Know About:
- 8 Vulnerabilities You Didn’t Know Existed in Your System Configuration
- The Current State of Encrypting Ransomware