Coronavirus is also dangerous by email

Coronavirus is also dangerous by email

by | Feb 12, 2020 | Security Information, Security information

Hornetsecurity warns of phishing and malware attacks that pretend to be from global health organizations

Reports of new cases of Coronavirus infection are appearing rapidly. The pictures of sealed-off cities and people in quarantine suggest a horrifying scenario. But the virus is not only a risk in the analogue world: the growing fear is shamelessly exploited by cyber criminals with targeted phishing and malware campaigns. Sadly, there is now a Coronavirus infection risk via email.

Since the beginning of February, the Hornetsecurity Security Lab has observed an increased volume of emails sent in the name of the World Health Organization and the Centers for Disease Control and Prevention. The messages explicitly take advantage of people’s fear of the virus.

For example, a link provides an alleged list of new cases of infection in the immediate vicinity. The recipient would be able to access this list by entering an email address and a password. This is a classic phishing email that is intended to steal sensitive data. In other cases a download link or an attached document is offered. Both promise information on security measures to protect against infection.

If the link is clicked or the document is opened, a malicious file will be downloaded. There is a substantial risk that the IT system could be infected with a virus or ransomware.

Increase in attacks that reference current events

The experts at Hornetsecurity point out that more and more often, current events with a high emotional charge are being used as hooks for large-scale phishing and malware campaigns. By exploiting people’s emotions, cyber criminals know their emails will receive more attention and be seen as more credible. The probability that the messages will be opened increases.

The Coronavirus mailing is only one of many current cases. There have been similar mail attacks referencing the climate protests initiated by Greta Thunberg, GDPR and the bush-fires in Australia—all of these are actual exploits that have been intercepted by Hornetsecurity.

Since email communication in companies is still the number one gateway for cyber attacks, employees must be made aware of this issue in addition to setting up effective protection mechanisms. Detecting phishing emails is not easy – but not impossible either. To vet suspicious messages, the following areas should be checked:

  • The sender’s email address can provide information about the true origin of the message. If it is not plausible or contains spurious letters or cryptic symbols, this is a warning sign.
  • Large-scale phishing campaigns often only use a generic form of address for the recipient.
  • Incorrect spelling and grammar and an unprofessional layout are also an indication.
  • The use of pressure is a common tactic. This is intended to undermine critical thinking.
  • Cyber criminals often try to get the recipient to open a URL or attachment. Email attachments can present serious risks.

Further Information:

Office 365- is ‘Account Hijacking’ the number 1 security risk?

Office 365- is ‘Account Hijacking’ the number 1 security risk?

by | Jan 27, 2020 | Security information, Security Information

Currently there are about 180 million corporate customers reported by the international technology company Microsoft using their cloud service Office 365. With the end of support for Windows 7 on January 14 and the termination of support for Office 2010 in October this year, a significant increase in Microsoft Office 365 users is expected. Companies are now weighing the risks of cyber-attacks on cloud services against the technological opportunities. They are facing the choice of either storing their data in the cloud and upgrading their IT systems or being left behind by the competition of the future.

Microsoft is already countering the increasing number of cyber-attacks on Office 365 users with numerous security measures enabled to protect its customers’ important data and information from unauthorized access and insight. The main vector for malware and phishing attacks is email communication, for which Microsoft has integrated special security mechanisms. However, security experts recommend to not only rely on Microsoft’s safety measures, but to additionally secure Office 365 accounts with third-party solutions. Why? We will explain in the following blogpost.

Office 365 – ‘account hijacking’ vulnerability?

With greater flexibility, cost savings, outsourcing of storage capacity, relevant tools and the latest software available in seconds – all these factors point to the benefits of cloud computing. Already 73 percent of German companies rely on cloud services and see this as a growing market for the future. In upcoming years, other companies will no longer be able to avoid the upgrade of their systems – or they will be left behind by their competitors.

Microsoft is regarded as the major driver of the cloud movement, and has brought the world’s most widely used office suite to the cloud with Office 365. Critical and sensitive files are uploaded and exchanged daily by more than 100 million business customers in the Office Cloud … a fact that cyber-criminals are well aware of. Recently, Microsoft reported a 250 percent increase in targeted attacks on Office 365 accounts. Microsoft has already integrated some security features into Office 365 – but the question you should ask, are these measures really enough? What additional solutions can provide comprehensive security?

Die Angriffe auf Office 365-Konten steigen von Quartal zu Quartal

Attacks on Office 365 accounts increase from quarter to quarter

IT Security: What are the challenges with Office 365?

The key factor for migration to the cloud is the protection of personal data, in addition to comprehensive security, especially after implementation of GDPR. The worldwide increase in cyber-crime is placing the challenge of these factors even more clearly in focus.

Identifying an Office 365 user is very simple for an attacker, because the MX records and autodiscover entries are visible to the public online. Comprehensive security features are being implemented to prevent possible attacks from Office 365 accounts, but it must be kept in mind that the data in the cloud itself – even in the event of unauthorized access – can be accessed from anywhere. By using Office 365, an important security aspect is no longer available to companies: the firewall. If an attacker succeeds in gaining unauthorized access to an Office 365 account, all data is available to them without any restrictions.

Email communication is the main gateway for attacks

95 percent of all cyber-attacks on companies occur via email, because email is considered a central channel of communication by companies worldwide. A single mailbox often contains numerous email messages with personal data of other users, sensitive files and sometimes even internal confidential information. Attackers can enter a company’s IT directly via email without authentication. All it takes is for one user to interact with a piece of infected content or attachment that takes over the user’s account. If an administrator account has been taken over, the attacker is given the same rights as the account owner and has the opportunity to gain access to the data of all users within the company.

Office 365 Hijack Attacke

A Hijack attack specifically targeting Office 365 users

A new level of security is necessary

The focus of additional security features should primarily be on the area of email communication. It is important to secure Office 365 accounts with a third-party solution. Specialized providers hide Microsoft DNS and MX records, which means that Office 365 users are not easily identifiable to attackers and are therefore less likely to be targeted. In addition, they provide much better protection against targeted attacks on Office 365 accounts, which the attacker has successfully tested against the basic Microsoft protection mechanisms. In addition, a small number of providers allow full Microsoft 365 email encryption of mailbox data stored within the cloud, which is then protects against spying even if an account hijacking was successful.

The IT market research institute Gartner predicts that this year already 50 percent of the organizations using Microsoft Office as SaaS will secure their email communication through third-party providers. 35 percent of all companies that switch to the Office 365 cloud will use such a solution from the very beginning.

Further Information

Business Email Compromise: Threat grows rapidly

Business Email Compromise: Threat grows rapidly

by | Jul 23, 2019 | Security information, Security Information

Encrypted malicious attachments, phishing and fake application mails are known attack methods used by cyber criminals to deliver malware such as ransomware into corporate systems. Once in the system, malware can cause losses of millions of dollars through encrypted corporate documents, theft of relevant files and information, or a slowdown of business processes through illegal crypto mining. Sophisticated filter systems for the detection of hidden malware make the way into a company’s system increasingly challenging for cybercriminals.

Therefore, the focus of cyber criminals is shifting more and more to the human vulnerability: They address employees of selected companies with simple but very individual and strictly textual email messages – this procedure is known as business email compromise (BEC). The Hornetsecurity Security Lab has been recording a significant increase of this type of attack for around 1 ½ year now.

What is business email compromise?

Large sums of money are fraudulently transferred to an external account, important internal company and access data as well as other confidential information leave the company unnoticed – without any malware being introduced. With a BEC, a hacker relies on special insider knowledge as opposed to simple spam. Known names and email addresses of employees or customers as well as current signatures and disclaimers make a fake email appear authentic.

By using fake email addresses similar to the one of the CEO, a customer or a clerk, the cybercriminals send a short, purely text-based email specifically to a selected employee. The display name is shown exactly as it would appear in an email from the actual person. This makes it difficult to detect the fraud behind it.

What do cybercriminals do?

In the first email, the cybercriminal gets a feel for the subject. The alleged CEO or supervisor addresses an urgent concern to a target person in a company. The criminal asks for a quick written answer by email, because the boss is allegedly in a meeting or cannot be reached by telephone. The hacker puts the recipient under pressure in terms of time and psychology to veil he fraud.

If the criminal receives an answer, he becomes more precise in a second message: The alleged superior requests the transfer of a certain amount of money to the account of an alleged customer, business partner or service provider. But not only financial resources are captured in this way. The hackers can also get internal company data as well as information to misuse them for other purposes. The CEO fraud is the best-known cybercriminal procedure to date but the fraud of the business email compromise can occur in different ways:

 

  • The hacker masquerades as a company’s customer and announces a change in payment information to trigger future transactions to the attacker’s account.
  • Covered with an employee’s alleged email address, the cybercriminal sends invoices to the company’s customers.
  • Using a lawyer’s compromised email account, pressure is put on a targeted recipient within a company to make a payment or return information.

 

Current risk situation

According to the FBI’s latest internet crime report, the business email compromise along ransomware, banking trojan virus and phishing is responsible for much of the world’s financial losses caused by cybercrime. In 2018, the fraud caused by fake emails led to global losses of around 1.2 billion dollars. And the threat posed by BEC is expected to persist and increase.

Once a company is affected, it is very likely that this type of attack will be repeated. Any additional internal information unknowingly sent by an employee via email makes more fake emails look even more authentic“, said an expert from the Hornetsecurity Security Lab. „Every month, we see an increasing number of incoming emails in which cybercriminals try to impersonate real employees or customers. And each time, the method becomes more sophisticated: in some cases, the logo, disclaimer and signature of the targeted company are reproduced one-to-one. The recipient of such a fraudulent email needs to know exactly what to look out for.

Which companies are largely affected?

Cybercriminals often target large and internationally operating companies via business email compromise. Information about people in certain administrative positions is easy to find out, logos or current market activities are usually accessible on the internet. In addition, international financial transactions are not uncommon and in large companies, there is a high probability that employees have never met in person and the simple exchange of emails is a normal part of everyday working life.

In 2015, the German cable specialist Leoni AG became a victim of such a fraud. Cybercriminals cheated the company by around 40 million euros. . The globally known social network Facebook and the Google Group were also robbed of a total of 100 million US dollars for more than two years. This became known in 2017, when the fraud was discovered and made public by the US American magazine Fortune. According to the FBI’s report, the current focus is on real estate companies.

How can comanies protect themselves against it?

The Hornetsecurity Security Lab assumes that the business email compromise will remain one of the biggest cyber threats in the future: „: Classic anti-phishing or spam services fail to recognize BEC emails due to their generic content. We offer our customers highly customizable and complex anti-fraud protection to ensure the highest level of security. Consequently, we receive only positive feedback from companies using our targeted fraud forensics engines. “ Precisely targeted engines verify the authenticity and integrity of metadata and email content. They identify specific content patterns that suggest fraudulent email. This prevents fake emails from reaching your inbox. Even trainings which additionally draw employees’ attention to the characteristic elements of a business email compromise can put a stop to the growing danger.

Further information:

Phishing emails – on a fishing trip at the data flow

Phishing emails – on a fishing trip at the data flow

by | Dec 11, 2018 | Security Information, Security information

The email from the principal bank came completely unexpected, its design very authentic, the content unsuspicious at first glance: ” We’ve detected a security breach in our systems. Please log into your account immediately to verify your identity”. – many recipients of such an email are not able to see its hidden fraud. That is because this is not a security breach or a well-intentioned advice from the credit institution, but a classic phishing email.
But how does phishing actually work and is a non-expert able to see through the scam? What happens after I fall for the fraud? Why are phishing emails called that way and how can I protect myself from these attacks? Questions about phishing are a dime a dozen. This blog post aims to shed some light on the abysses of phishing and shows not only how to uncover phishing emails with a few simple tricks, but also how not to let them into your mailbox in the first place.
YouTube

Mit dem Laden des Videos akzeptieren Sie die Datenschutzerklärung von YouTube.
Mehr erfahren

Video laden

The name says it all

The word “phishing” established itself in the USA in the 1990s and has less to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn. Because in phishing, cybercriminals literally “catch” the personal data of their victims in a fraudulent way.
The word “Phreaking” also influences the naming process. It describes the sneaking of free telephone calls by generating a 2600-hertz tone played into the handset that could mislead certain switching centres in the USA, France or Japan, for example, to set up telephone calls.The amusing thing about this is that exactly this 2600-hertz sound can be produced with a toy pipe that was once a promotional item for the “Captain Crunsh” cereals. However, modern switching technology no longer allows this method, although this procedure is the beginning of today’s well-known “hacking”. The term “phishing” is a neologism of the two words “fishing” and “phreaking”.

How does phishing work?

A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.

With the help of insidious pretexts, the partly appearingly fraudulent messages try to lure their recipients to fake websites to have them reveal their personal data. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. Only if the user verifies his personal data on the website which can be reached via a link, the security of the account will be ensured.

The link embedded in the email is often very difficult to expose as a fraud. This is simply because the cyber criminals put a lot of value on the fact that the implemented links look as authentic as possible. By buying domains, such as “amazn.com”, which look almost similar to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 of such phishing sites were online in March 2018.

In order to make the fraud perfect, this obviously also applies to the sender addresses of the phishing emails. The actual Amazon sender address „noreply@amazon.com“ will then be changed to „noreply@amzon.com“.

With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as hacker@doamin.com, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected with a precise look and most victims do not notice the fake at all or at least when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.

Phishing and its varieties

Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.

The method relies mainly on the traditional phishing scam, but in this case “spear phishing” is a targeted email fraud.It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their tagret as possible in advance so they can fake deceptively real-looking email communication. In best case, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.

Phishing infographic
Enlarge infographic

What do the digital pirates want to achieve?

In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services, as well as credit card information in general being a popular target.
The motivation of the attackers can be quite different and ranges from financial enrichment in the sense of account robbery or the selling of data, up to hacker attacks on companies, which are accomplished by the information of the captured data.

I have been a victim of a phishing attack – what should I do now?

Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.

How can I effectively protect myself from phishing?

The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported about an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think.This makes it all more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.

1. Sensibilisation

First of all, the right sensibilisation to the defence against phishing emails is a good base.. Many users are not sufficiently aware of dangers hidden in their email inbox, such as phishing attacks.It is therefore difficult for them to identify malicious emails as such. However, the risk of a phising campaign can be reduced with a little prior knowledge.
If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check if the supposed link destination is actually correct.
If the address is similar to the original domain and seems unsuspicious at first, you can check this by matching both URLs. In addition, you should never reveal personal information in any email communication.

2. Active protection

Beyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed.
If you don’t want phishing emails to be delievered to your inbox the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails.
Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.

Example of a phishing email:

Phishing email example
Classic phishing email in which cybercriminals disguise themselves as credit institutions. Using the pretext that there have been unusual login activities on the account, the target person is forced to verify their account details. The design is indistinguishable from the regular design of the bank. The email does not contain any spelling mistakes and the formatting is correct. Advertisements in the email with links to the real website and the QR coder for the banking app round off the overall picture. Since it is a credit institution from South Africa, even the sender domain “abSaMail.co.za” is quite credible. Only the prefix “xiphaMe” looks strange and indicates a fraud.

Example of a spear phishing email:

Spear-Phishing Beispiel
Example of a perfidious spear phishing email*. The fraudsters used social engineering to find out the names, email addresses and most likely the relationship between two employees. They then used the captured information to recreate an email communication that was as authentic as possible. Trust is built through personal salutations and insider knowledge of the company’s lawyer. The email address of the alleged sender is also entered in the name field. This is to suggest that it is actually the correct sender address. The actual sender address only follows after this.
*The example shown is a real spear phishing email. For data protection reasons, all personal information has been changed.

Additional information:

 
Emotet: Comeback in a new guise

Emotet: Comeback in a new guise

by | Dec 5, 2018 | Security information, Security Information

+++ UPDATE 05.12.2018: The Hornetsecurity Security Lab is currently observing an immense increase in the number of dangerous emails, which come with the malicious malwareEmotet“. Also the BSI informs about the growing threat, by the current Phishing and Spam campaign, which spreads “Emotet”. The affected companies suffered from failures of their entire IT infrastructure, which resulted in immense capital damage.

Disguised as an Office Word document attached to a legitimate email, the malware is installed on a computer when opened and reads contacts and email content from the mailboxes of the infected system. Furthermore, Emotet has the ability to reload additional malware that allows hackers to read access data and provide remote access to the system.

In September this year, Hornetsecurity already published a report about the appearance of the malware as an invoice disguised as a PDF document, which reloads a banking Trojan when executed.+++

Emotet Screenshot neue Version
Since Christmas last year, no major offensives by the banking Trojan Emotet have been observed. Now it appears in a new shape and is distributed by an insidious blended attack.

The malware specialists from our security lab found a new type of the banking Trojan Emotet on Thursday, 06.09.18 and investigated the attacking method in more detail.

Earlier versions of Emotet were mainly distributed directly in email attachments or through links in email bodies. This new type uses a more complex delivery method: it is hidden in the form of a PDF document disguised as an invoice and attached to a phishing email.

Emotet phishing email

Phishing email with attached PDF document

Emotet PDF document

PDF document with link to Office file

The content of this PDF document contains a link to download an Office file.

Emotet office document

Office document

Once the user opens the file, a macro is executed that downloads the dangerous malware.

Statische Analyse Emotet Code-Fragment

Static analysis – code fragment

Emotet uses this cover-up technique to circumvent virus filters and sandbox analyses. So far this seems to work well, because not even a third of the antivirus programs listed on VirusTotal classify the file as dangerous.

On the safe side with Advanced Threat Protection

The URL scanning feature of Hornetsecurity’s Advanced Threat Protection detects files, however well hidden they may be, and protects customers’ IT from this persistent blended attack even before the phishing mail arrives.

Additional information:

Malware – Cybercriminal’s favourite

Malware – Cybercriminal’s favourite

by | Nov 19, 2018 | Security information, Security Information

When the question is brought up as to what the term malware is all about, most people do not understand what the term is about. Often words like “virus” or “Trojan” are used. This is not necessarily wrong, but also not actually right. After all, the topic is much more complex and is not just about viruses and Trojans.

This blog post gives an insight into the world of malware and explains what the term actually stands for, why cybercriminals use malware and what kind of security measures are available.

More than just viruses and Trojans

“Malware” is a neologism composed of the two English words “malicious” and “software”. Mistakenly, malware is often used synonymously for the words virus or trojan, but the world of malware is much larger and more complex. In fact, malware is simply a collective term for various malicious programs, which in addition to viruses and Trojans also include “exploits”, “backdoors”, “spyware”, “worms” and ransomware – to name just a few of the most important representatives.

According to a study by av-test.org, trojans made up the majority of widespread malware on Windows with 51.48 percent. Far behind rank viruses with 18.93 percent followed by scripts with 10.56 percent. All other types of malware, such as ransomware, only play a minor role in the frequency of their occurrence.

Percentage of malware types

%

Trojans

%

Viruses

%

Scripts

 

Viruses, Trojans and worms – what are the differences?

 

Computer viruses are the classic type of malware and were already developed in the early 1970s. They are designed to infect other files and can spread from one computer system to another and contaminate it as well. Viruses cannot be activated without human intervention because the compromised file must be executed first.

 

A Trojan, on the other hand, is not a virus, but a malicious program that disguises itself as a good-natured application – which is why it is often referred to as a “Trojan horse”. Unlike viruses, Trojans do not replicate themselves. They allow hackers to take control of the infected system via a so-called “backdoor”.

 

Computer worm differ from viruses in their ability to spread without any intervention. By using a data interface, the malicious program can spread automatically. Since the worm can replicate itself within the system, there is a danger that not only one worm but hundreds or even thousands of copies will be sent. In the final instance, this can result in a system having to provide so many resources that no response or only extremely slow feedback occurs.

 

Spyware – The Spy in the System

 

spyware is considered the spy among malware types. It is out to record and steal entered user data. For example, it records logins in social media accounts or spies on account data during online banking. The captured data is then transferred to the hackers, who either resell it or misuse it for their own, mostly financial, interests.

Spyware can appear in different ways. On the one hand, it is possible that a so-called “keylogger” is used, which records keystrokes. On the other side, “Screencast” can be used to monitor the user’s screen activity. Hackers can also use a “browser hijacker”
Malware infocgraphic
Download graphic in high resolution

 

Ransomware – When the computer demands ransom money

Ransomware is a form of malware that is able to prevent access to all data stored on a computer. The hackers encrypt the files stored on the hard disk and after a successful infection usually leave a message on the screen of the victim with the demand a ransom. If this doesn’t happen, it is threatened that the encrypted files – depending on the implementation of the Ransomware – will not be decrypted or even deleted.

There are plenty of ways to infect computers with ransomware. By far the most common gateway, however, is email communication. The cybercriminals often use social engineering to impersonate a well-known organization or a familiar person in order to suggest trust.

to impersonate a well-known organization or a familiar person in order to suggest trust.
In many cases, the Ransomware is contained in an Office document that is sent as an attachment. A pretext is used to persuade the recipient to open the file. In this case, all data on the hard disk is encrypted. Especially in recent years, there have been massive Ransomware attacks, known as „WannaCry“ or „Petya“. Even if Ransomware only appears rarely in the frequency of occurrence: The damage that can be caused by the aggressive cryptotrojans should never be underestimated! Measured in absolute figures, one percent of total malware worldwide is still a significant number.

 

 

 

Exploits and Backdoors – The ace up the sleeve

 

Exploits are a popular tool used by hackers to exploit vulnerabilities or security gaps in software and use them to enter computer systems. An exploit can be a simple theoretical description of a vulnerability or a directly runable program code.

 

The range of different types of exploits is so wide that there is the right exploit for almost every occasion. They differ not only in the type of attack, but also in their effects. Depending on its type, the malicious program can write or read data, for example, or even crash a system. Well-known exploit types are the zero-day attack and the denial of service exploit (DoS exploit).

 

 
A backdoor, on the other hand, represents an alternative, mostly hidden access to a software or hardware system. This enables the provider and its partners (e.g. secret services) but also hackers to circumvent the access protection and gain access to the system. As already mentioned, Trojans also have a backdoor, but it has to be clearly defined: The Trojan only serves as a means to an end, since it pretends to be a useful program and ensures that the computer can be compromised via the built-in backdoor. The backdoor ifself does not require a Trojan, as it can be installed in the system from the very beginning.  

 

Many types of malware, one solution?

The professionalism of malware attacks is increasing day by day. In particular, attacks through ransomware are very popular among cybercriminals. Those who think that there is THE solution to the problem of malware are unfortunately mistaken. Rather, a company should have a sophisticated security concept with many different measures. In the following we will describe in detail which measures can be considered.

Many components must work well together to achieve an optimum of protection against malware. However, the most important point is to increase the awareness of employees against cyber attacks. A company’s employees must be conscious of the threats caused by malware. Information about the various malware distribution channels should therefore be integrated into the daily work routine in regular training courses, for example.

To be on the safe side, companies are advised to use a spam filtering service to prevent malicious emails from reaching employees’ email inboxes in the first place. In the unlikely event that a malware program should ever be able to infect an employee’s computer, then an antivirus program is still a useful method of defeating the invader.

Also updates should not only be common for antivirus programs. It is advisable to establish a process that regularly reviews the actuality of the programs used, in order to update them if necessary. Those who stick to these tips are at least less likely to become a victim for cybercriminals.

 

 

Additional information: