Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
5/9/2017
11:00 AM
Malwarebytes Labs
Malwarebytes Labs
Partner Perspectives
50%
50%

Malspam Causing Havoc for Mac & Windows

Spam is a multi-platform, multi-vector approach to network compromise, and organizations need to weigh up the risks on all fronts to be able to combat it successfully.

Spam campaigns continue to be a major problem for businesses across the globe, serving up a mixture of malware, phishing, identity theft, and more. With scammers spiking activity in February after what appeared to be a bit of an extended holiday, malware spam (Malspam) attacks have returned in full force. Fax notifications, scanned images, resumes, and traffic tickets have all been successfully used as bait, often using password-protected documents and zipfiles attempting to defeat automated analysis.

Even as business shores up the technical side of things, Malspam authors hope to exploit the supposed weak link in the security chain – the non-security trained employee. A disaster of this nature poses a major risk both in public and behind the scenes. The two primary targets we see are finance and social media, and scammers hope to see a lethal combination of low/no security, and poor staff training in order to pull off a successful attack.

The soft HR/Finance Underbelly
If an unwary employee in HR or finance receives a "late payment" or tax invoice missive, there is a good chance they won't stop and think before opening the infected file (usually via the password pasted into the email itself - another evasion tactic). If this happens on a network with no suitable protection in place, that organization is looking at downtime, data theft, and even a dose of ransomware for their troubles.

From banking Trojans and clickfraud to "pump and dump" stock campaigns, the playing field for these attacks is a large one and it's essential that a layered defense goes hand in hand with regular, thoughtful training sessions for those guarding the financial keys to the kingdom.

Financial Lockdown
Give your HR and finance teams an insight into the world of fake tax invoices. Let your CFO know about the ever-present threat from CFO fraud spam, along with ways to spot a fake. If you don't have a "two factor" method for authenticating wire transfers, do it now, or risk losing hundreds of thousands of dollars, or even (in the worst examples) millions to a CFO scammer. Just one incident could not only cause endless column inches about how badly your company got it wrong, but conceivably put you out of business.

Even your social media accounts aren't free from spam worries; we often see fake accounts pretending to be real companies that insert themselves into customer support conversations on Twitter in an effort to send victims to phishing or malware pages. Typically, they do this when the official Twitter support account isn't being used, so by the time the staff log in the next day it's too late.

Companies may wish to divide social media duties between different time zones to combat this, and also backtrack on conversations to ensure scammers haven't worked themselves into the debate. If it's possible to verify the identity of your account on a particular service, this will definitely help to prove your credentials. It's essential to explain to the people responsible for these social media accounts what dangers lurk, or else they can't effectively safeguard the interests of your customers on a daily basis.

Spam is a multi-platform, multi-vector approach to network compromise, and we need to weigh up the risks on all fronts to be able to combat it successfully. Whether finance or front line social media support, the time is now to take action and shore up those defenses.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Malwarebytes protects businesses against malicious threats that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the companys flagship product, has a highly advanced heuristic detection engine that has removed more than five billion malicious threats from computers worldwide. SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data. Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts. For more information, please visit us at www.malwarebytes.com/business.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.