The top threats for June 2008 were released by Fortinet this week in the company’s latest State of Malware report, available online at the FortiGuard Center. Online gaming is ranked first in the Top Five Families list, making up 35 per cent of total threats for the month. W32/Netsky!similar heads the list of Top Ten Variants.
While online gaming isn’t necessarily a direct threat to enterprises, corporate IT managers should take notice of three others. According to Derek Manky, a security researcher at Fortinet’s Canadian office in Burnaby, BC, the most prevalent type of threat is adware. Mass mailer W32/MyTob.FR@mm also poses a threat by spreading through email, followed by W32/Grew.A!worm.
“They have been around for a while and it doesn’t look like they’re going away any time soon,” said Manky.
Due to their email-based nature, mass mailers are always a concern in the corporate environment. Spear phishing is another threat that should be kept in mind. “Spear phishing is a trend that has become more common and dangerous towards corporate users, in which high level corporate executives are targeted in corporate environments with specific information,” said Manky.
To help mitigate malware threats, Manky said companies should have an integrated security solution in place.
“The biggest thing with adware is that it is a blended threat, so there are multiple components that operate in different layers through different attached facets,” he said. “It’s always highly recommended to have an integrated security solution, end user and gateway protection, in place.” Products can certainly help a network level to detect malware, said David Senf, director of Security and Software Research at IDC Canada.
A lot of organizations are afraid to enforce policies and that’s how people end up getting malwareDavid Senf>Text
“That’s a great thing, if you can solve it at the network, but there’s other ways too to enhance the overall security of an organization,” he said. “It does start with employees and having the right policies in place and having acceptable use policy, for example…and it’s enforcing that too.” http://www.idc.ca
“A lot of organizations are afraid to enforce policies and that’s how people end up getting malware,” Senf continued. “Yes, there’s sniffing going on. If you haven’t passed your systems, you could get certain strains of malware on your machine and that’s no fault of your own, but a lot of it too is user action.”
Education is a key preventative measure for corporate environments, an opinion backed by both Senf and Manky. “IT managers should really emphasize awareness and education to their employees,” said Manky. “You can have a lot of security solutions in place, but it’s a chain really. If there is one user who is not aware…then the entire corporation, their sensitive data…intellectual property…can be at risk.”
“We see that organizations tend to purchase the wrong technologies or do not emphasize enough the right technologies,” said Senf. “If you have a Trojan on your machine that’s got the keystroke logger and it’s snagging your banking information or your corporate login information…that can be bad. But users typically have to do something to get one of these. So a lot of this comes down to organizations taking employees aside, training them properly.”
According to Senf, “An organization needs to take a holistic approach to security and look at what are the myriad threats that can harm them, not just focusing on the latest, greatest. Organizations focus on malware and they focus on spam and they focus on things that are possibly less damaging to their company than internal threats by employees, for example.”
Manky also suggested IT managers keep less frequent, but more damaging assaults in mind. “Spam, for example, is very frequent, but the overall damage of a single message of spam is not that great; whereas competitive espionage is less frequent, but could be very damaging,” said Manky. “Similarly, employee malice….not as likely as spam is, for example, but again, the damage would be far greater to an organization.”
IT managers should also keep everything up to date. “There’s a lot of attacks that try to gain access to the corporate environment through a front end, such as SQL injection attacks,” reminded Manky. “So it’s always good to have proper coding practices in place and software patches.”