Recent Trends in Crimeware SE Edition by Learning Tree International

SOLUTION BRIEF

Recent Trends in Crimeware

90% of All Reported Security Incidents are the Result of Human Error – National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented, GAO

What is Crimeware? Crimeware is “a type of malicious software designed to carry out or facilitate illegal online activity.” It attacks servers, workstations and browsers. It can steal credentials (usernames & passwords) and identity information. It can install backdoors into your system and allow unauthorised remote access to your network.

Crimeware is divided into four general categories:

In 2014:

23%

11%

of recipients opened phishing messages

clicked on attachments

– Verizon DBIR

1.Virus: Malicious code that attaches to existing programs – Requires end-user interaction 2. Worm: Self-propagating malicious code exploits weaknesses due to lack of patching in your systems and applications – Acts on its own 3. Trojan: Malicious code that misrepresents itself – Usually requires end-user interaction 4. RootKit: Collection of malicious code that deeply infects, hides, provides remote access, can change over time – Acts on its own or requires end-user interaction

78%

of observed phishing e-mails were IT- or security-related, often attempting to impersonate the targeted company’s IT department or an anti-virus vendor – M-Trends 2015: A View From the Front Lines

What does this mean? It only takes one click by one user for a malicious entity to gain access to your company’s entire network. But it’s not people in your organisation that are the primary problem. Lack of adequate TRAINING & EDUCATION is the issue!

Continued on next page

SOLUTION BRIEF

Recent Trends in Crimeware

To combat this, companies should develop robust and well-practiced Threat and Vulnerability Management Programmes that aid: • Timely identification of vulnerability disclosures and vendor supplied fixes, including loud and clear communications to potentially affected staff • Timely testing, validation and deployment of patches to affected systems and software

“

There are two kinds of big companies in the United States. There are those who've been hacked ... and those who don't know they've been hacked. – James Comey, Director, FBI

• Timely implementation of interim risk mitigation techniques

A New Way of Thinking

• Targeting of specific workstation operating systems, browsers, add-ons – in addition to server O/S and applications and other infrastructure

There are several ways that you can address crimeware concerns to mitigate risk to your organisation.

• Implementation of multi-factor authentication as a standard practice

“

What can be done?

1. Regular communication to your staff on the latest threats, hacker techniques, schemes and scams will allow continual defence against crimeware. 2. Constant configuration monitoring, testing, and review of both internal networks and your external perimeter is necessary to make sure these environments are not experiencing any unauthorised change. 3. Scheduled collection and analysis of threat intelligence designed to highlight specific Indicators of Compromise (IoCs) can quickly assist in the identification of a malicious presence. These steps help maintain a secure network but ultimately it’s staff training and education in Threat and Vulnerability Management, Anti-Phishing, and Security Awareness that will mould the thinking process of your employees to always be analysing their actions in a security context.

Learning Tree offers 30+ Cyber Security courses including 40+ Certifications aligned with the U.S. National Initiative for Cybersecurity Education (NICE) framework. Take the first step toward effectively defending against cyber security threats by visiting LearningTree.se/CyberCert