October 4, 2012
There has been a recent surge in the number of malware infecting computers. To ensure data protection, it is crucial that employers and their workers are aware of the techniques cybercriminals use to spread viruses, and take the necessary steps to protect information.
A recent survey conducted by Solutionary's Security Engineering Research Team (SERT) analyzed the trends and tactics hackers employ to distribute malware. According to the Q3 2012 SERT Quarterly Research Report, 92 percent of malware from the last quarter was mass distributed, and 60 percent of those instances were undetected by antivirus software.
"Cybercriminals constantly evolve malware and attack techniques to evade security and gain the most profit from their targets," said Rob Kraus, the director of SERT.
Cybercriminals can bypass controls and lure consumers to compromised websites by disguising phishing emails as important messages from UPS or the Better Business Bureau (BBB), the source reported. If a person clicks on a link in a malware-infested email, he or she is redirected to a Blackhole Exploit Kit landing page, which may download additional malware.
The majority of infections were performed using the man-in-the-browser technique to inject a Trojan on a computer and covertly steal bank information, according to the survey.
Majority don't feel safe
To reinforce the importance of data security, McAfee and the National Cyber Security Alliance recently released a survey that showed people do not believe their information is safe online. Ninety percent of Americans feel that a safe internet is important for the nation's economy, however, the same amount said they are not convinced their personal data is protected from malware and viruses. The report showed that 25 percent of Americans were victims of a data breach that resulted in the exposure of confidential data, which reaffirms society's concerns about web security.
Because the majority of malware is mass distributed, as shown by the SERT survey, businesses of all sizes are potential targets. Therefore, it is crucial that decision-makers put protective measures in place. Employees should use password protections on accounts and encryption on all documents. They should also be educated on internet safety, and taught never to open suspicious links from unknown senders. To ensure security, workers should regularly test safety controls to determine if any changes need to be made.
-McAfee Cloud Security