Malware mitigation strategies for 2016

Getting a better grip on malware containment should be an enterprise goal for 2016.

The year may be changing from 2015 to 2016, but the threats to enterprise networks, infrastructures and data are not going away – chief among them malware. These viruses and other types of computer infections had a big year in 2015 (and the year before that), whether they were delivered via old-fashioned phishing scams or through cutting-edge peer-to-peer networks targeted specifically at the Internet of Things.

What can enterprises do to contain a full range of possible threats in 2016?

How old lines of attack keep enabling new ones

According to Verizon's 2015 Data Breach Investigations Report, 23 percent of all recipients of phishing emails still open the messages, and 11 percent of them actually click the attachments, which may include compromised files and/or links to spoofed websites. Phishing is nothing new, but as a blunt but effective attack vector that can deliver malware, it has found a supporting role as a catalyst for newer advanced persistent threats.

"Today's advanced attacks use a multi-phase approach to successfully appropriate valuable data – gaining a point of entry, downloading additional malware, locating and compromising target systems and uploading data," explained a 2011 Trend Micro document. "While an actual compromise can happen quickly, the time span from entry to initial compromise is more often days or weeks. And the time to actual discovery and full containment can be weeks to months."

In addition to phishing, age-old bugs as well as oversights within efforts to patch them were still huge issues for enterprises this past year. The aforementioned Verizon report found that 99.9 percent of the incidents it had tracked were the results of exploits that had been publicly known for at least a year before the actual breach happened. Vintage 2007 exploits were the most popular, although some (such as one remote desktop flaw) dated all the way back to 1999.

As we can see, effective patch management and timely delivery of other software updates are essential for keeping malware at bay. Enterprises often struggle with these tasks because they lack sufficient time, money and personnel to overhaul legacy programs and infrastructure. But even small steps can go a long way in securing sensitive assets. For example, keeping a log of all URL requests, preventing installation of unapproved Web-browser plugins and extensions and using advanced email filtering can help keep unwanted threats out of the system.
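The URL-request logging the paragraph above recommends only pays off if someone actually looks at the log. The following script is an added example (not code from the original post or from Trend Micro) showing the kind of simple triage a defender can run over such a log: it flags requests to raw IP hosts, to lookalikes of domains the organisation already uses, and executable-looking downloads from unfamiliar domains, which are the patterns the post associates with phishing links and second-stage malware delivery. The log format, the sample lines, the allowlist and the file-extension list are all constructed assumptions for illustration.

```python
"""Flag suspicious entries in a URL-request log.

Added example, not from the original post: the log format, domains and
thresholds below are constructed assumptions for illustration only.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample log: "timestamp client method url status", one per line.
SAMPLE_LOG = """\
2015-12-14T09:01:12Z 10.0.4.21 GET https://www.example.com/ 200
2015-12-14T09:02:40Z 10.0.4.21 GET https://mail.example.com/inbox 200
2015-12-14T09:03:05Z 10.0.4.37 GET http://www.examp1e.com/login 200
2015-12-14T09:03:09Z 10.0.4.37 GET http://203.0.113.9/update/setup.exe 200
2015-12-14T09:04:51Z 10.0.4.52 GET http://cdn.vendor-updates.net/invoice.zip 200
2015-12-14T09:05:30Z 10.0.4.52 GET https://www.example.com/news 200
"""

# Domains the organisation legitimately uses (assumed allowlist).
KNOWN_DOMAINS = {"www.example.com", "mail.example.com"}
# Extensions that commonly carry executable payloads in phishing campaigns.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".jar", ".zip")

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


@dataclass
class Finding:
    client: str
    url: str
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain."""
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> list[str]:
    """Return the reasons a single URL looks suspicious (empty list if none)."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    if host in KNOWN_DOMAINS:
        return reasons
    # Raw IP literals are unusual for normal browsing and worth a second look.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP host")
    # Lookalike of a known domain: close but not equal at the registrable level.
    for known in KNOWN_DOMAINS:
        k, h = registrable(known), registrable(host)
        if h != k and levenshtein(h, k) <= 2:
            reasons.append(f"lookalike of {k}")
            break
    if path.endswith(RISKY_EXTENSIONS):
        reasons.append("executable download from unknown domain")
    return reasons


def scan_log(text: str) -> list[Finding]:
    """Parse the log and collect every suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a production tool would count these
        _ts, client, _method, url, _status = m.groups()
        for reason in classify(url):
            findings.append(Finding(client, url, reason))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.client} {f.url} -> {f.reason}")
```

Run against the constructed log, the script flags the lookalike login page, the executable fetched from a raw IP, and the archive pulled from an unfamiliar host, while the requests to the allowlisted domains pass silently. The allowlist and extension list are the two knobs a real deployment would populate from its own inventory; the edit-distance threshold of 2 is deliberately conservative to keep false positives down on short domain names.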

Preparing for tomorrow's biggest threats to cyber security

While old vulnerabilities are still major concerns, new threats are also on the horizon. For example, the IoT continues to gain steam, bringing literally billions of new IP-enabled devices online. According to Cisco, more than 50 billion "things" could be active within the IoT by the end of this decade.

Malware such as the Linux.Wifatch exploit, discovered by cyber security researchers in 2014, shows what could go wrong. Wifatch itself was "vigilante" (i.e., sort of like Batman) malware that seemed to be spread more as a warning to smart home device owners than as an actual, practical threat designed to enlist compromised endpoints into a botnet. It left messages to affected users instructing them to change their passwords and update their firmware – both good pieces of advice as enterprises confront a wider range of threats than ever before.

Fending off APTs, phishing and botnets requires a multifaceted cyber security solution such as Trend Micro Deep Security in addition to sound everyday practices for email and Web security throughout the organization. Find out more about how Trend Micro solutions can protect your data from advanced threats, at the Trend Micro website.



from Trend Micro Simply Security http://ift.tt/1S5VM6C
via IFTTT