The watering hole isn’t just for chatter
Commonly referred to as the watering hole tactic, the trend highlights the more sophisticated attacks taking place today. As malware attackers develop more methods to trick unlucky users, they’re also becoming more selective—targeting specific websites, monitoring visitors and going after specific companies, according to Symantec’s Internet Security Threat Report released in April 2015. Let’s just hope that’s one selective group we’re not asked to join.
Caution: Mobile isn’t immune
Many business owners and IT managers often forget that mobile devices are just as susceptible to malware as their personal computers. And it’s becoming an increasingly dangerous thing to forget:
Regardless of the motivations, you should start thinking about ways to help customers avoid potentially harmful mistakes—be it education and awareness or a stronger IT solution.
Helen of Troy would be so proud
There’s nothing like taking a page from history to put us on the defensive. Trojanizing is a new cybercrime tactic in which attackers hide their malware inside software updates. Once the software is downloaded and installed, they attack, according to Symantec’s report. That means you’re basically infecting yourself, and you never saw it coming. Scary, isn’t it?
Traditional ransoms are a thing of the past
Now we know what you’re thinking— ransom letters aren’t that common. We hate to break it to you, but that’s just not so anymore. As with the rest of the world, ransom letters, too, have changed with the times. Cryptoransomware holds the victim’s files until a ransom is paid—usually anywhere from $300 to $500. Pay the ransom, and you get your files back. Of course, that’s in theory—malware attackers aren’t exactly the most ethical people on the block. “In 2014, crypto-ransomware was seen 45 times more frequently,” according to the Symantec Internet Security Threat Report. “While crypto-ransomware predominately attacks devices running Windows, Symantec has seen an increase in versions developed for other operating systems.” Better keep an eye out for lurking threats and nasty ransom letters. These guys aren’t the ones to tango with (especially when they’ve got your files on lock down!).
A whopping 31 percent of Google Play apps have more than 50,000 downloads that contain remote exploitable vulnerabilities, according to Shining a Spotlight on Security Planning, an eBook by SC Magazine released in May 2015. The same eBook reported a 262 percent increase in iOS vulnerabilities since 2011. Android vulnerabilities increased 188 percent. An alarming 17 percent of all Android apps—that’s almost one million—were actually malware in disguise, according to Symantec’s Insider Threat Report, also released this year.
The good news is security solutions are advancing every day, and mobile opportunities are endless. Start thinking about ways you can jump on the mobile bandwagon if you’re not already on it, and be sure to educate your customers on the mobile security needs. Contact Tech Data’s Mobile Solutions team for more advice on finding the right mobile opportunities.
Insider threats aren’t confided to Hollywood movies
As much as we’d all like to believe insider threats are limited to far-off breaking news, Hollywood movies and the mafia, that’s just not true. The more sophisticated malware becomes, the easier it is for your employees to fall prey to seemingly harmless tactics. Or worse—for disgruntled and all-around-unethical employees to leverage illegal methods. Now before you go glass-half-empty on us, insider threats come in many varieties. It could be something as simple as forgetting to log out before you leave work for the day or losing a company-owned phone. Regardless of the motivations, you should start thinking about ways to help customers avoid potentially harmful mistakes—be it education and awareness or a stronger IT solution. Ensuring you’ve taken the right steps to avoid potential attacks is equally as important. If you’re not already, try thinking about automated patching solutions. Managing updates is time-consuming and error-prone. Automating your customers’ security audits gives you the peace of mind that the update was made—and the proof to prove it. Of course, this list is by no means a catchall for cybercrime tactics. In fact, it’s just a drop in the bucket. But the stronger you prepare your team, the better shape you’ll be in to beat cybercrime thieves at their own game. And maybe—just maybe—your business can rival Mayberry. After all, it’d be a crime to miss a slice Aunt Bee’s butterscotch pecan pie.