According to CNET, data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches…
This probably comes as no surprise to system administrators and security administrators who have worked diligently over the years to tighten security and harden systems. Attacks have shifted away from networks and systems and toward users.
Unfortunately, IT departments have not done as effective a job of patching software applications on users’ computers. Many organizations struggle just to keep their heads above water testing and deploying all the Microsoft OS and Office patches released each month. Many IT departments simply do not have the resources to keep up with security patches for PDF readers, media players, and other installed applications.
Many of these attacks dupe users into opening an infected file, visiting a web site, or clicking on a link. Malicious software is then installed in the background because the application involved is unpatched. Some attacks, known as drive-by downloads, only need users to visit a web site with malicious code in order to compromise a computer.
Targeted attacks are also used to dupe unsuspecting users into opening attachments containing malware. “I would never do that!” you say. Well, think about this scenario… you are in accounts payable and process numerous invoices daily, many of which you receive via email. A hacker sends you an invoice as a PDF attachment, and you open the attachment with your PDF reader of choice. Unfortunately, your PDF reader has a known security flaw. Once you open the PDF, nothing appears to happen, because the hacker is installing malware in the background. You eventually close the reader window, but your computer is now infected.
Don’t like that scenario? Let’s say you are a mortgage lender at a financial institution. Most likely, the phone is not ringing off the hook these days! A hacker gets your email address from your web site, and sends you an email requesting a mortgage. To “move things along,” the hacker has attached some information about “himself” and the property. Are you opening those attachments? Most people will, despite any policy their institution may have about acceptable use!
But my antivirus will save me! Think again. For some disheartening information about the effectiveness of antivirus, check out VirusTotal, which tracks the effectiveness of numerous antivirus vendors at detecting malicious content. Scroll down to the “Failures in Detection (Last 24 Hours)” section. The big red circle represents files where one or more antivirus programs failed to detect the malicious code, and the little blue wedge represents files where all antivirus programs detected it.
Yes, antivirus has a place on your computer, but it cannot be relied upon exclusively to protect against malware.
What can be done to protect against these types of attacks? Keep ALL your applications up-to-date. Doing so is not overly difficult. There are tools out there to help, and many are inexpensive or free. The problem most organizations have is a lack of resources and discipline to make checking for, and applying, application patches part of their normal routine. Many organizations have the best of intentions, but keeping servers running and responding to end-user requests often get in the way of completing routine tasks.
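One way to make that check routine, shown as an added example that is not from the original article: the script compares a software inventory export against a baseline of minimum patched versions and lists machines running older copies, plus applications nobody is tracking. The application names, version numbers, host names and CSV layout are all constructed for illustration.

```python
import csv
import io

# Constructed baseline (placeholder versions, not real vendor advisories).
BASELINE = {
    "ExamplePDF Reader": "9.3.2",
    "ExampleMedia Player": "2.10.0",
}

# Constructed inventory export (host, application, installed version).
INVENTORY_CSV = """host,application,version
ap-desk-01,ExamplePDF Reader,9.3.2
ap-desk-02,ExamplePDF Reader,9.1
loan-desk-01,ExampleMedia Player,2.9.7
loan-desk-02,ExampleMedia Player,2.10.1
loan-desk-02,Unlisted Tool,1.0
"""

def parse_version(text):
    """Turn '9.3.2' into (9, 3, 2) so that 2.10 sorts above 2.9."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def is_older(installed, required):
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so '9.3' equals '9.3.0'
    b += (0,) * (width - len(b))
    return a < b

def audit(inventory_csv, baseline):
    """Return (outdated, untracked) lists of inventory rows."""
    outdated, untracked = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        required = baseline.get(row["application"])
        if required is None:
            untracked.append((row["host"], row["application"], row["version"]))
        elif is_older(row["version"], required):
            outdated.append((row["host"], row["application"], row["version"], required))
    return outdated, untracked

if __name__ == "__main__":
    outdated, untracked = audit(INVENTORY_CSV, BASELINE)
    for host, app, have, need in outdated:
        print(f"{host}: {app} {have} is below patched version {need}")
    print("No baseline entry (patching not tracked):", untracked)
```

Versions are compared as numbers rather than text, because a plain string comparison would rank 2.9.7 above 2.10.0 and hide an unpatched machine.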
If your organization needs help staying on top of your application patches and other tasks, PCSentry would like to help. PCSentry focuses on monitoring and patching your operating system and other installed applications, so you can be sure those holes are plugged. Call us, fill out a form, or send us an email.


