Just a few years ago, the biggest concern for most IT administrators was viruses coming into their organization's networks via email attachments. The unwary user would click on an attachment and install a virus on their computer, doing damage to their own computer and to the local network.
Today, these viruses and worms still exist, but their threat is relatively mitigated with the prevalence of anti-virus scanners on the edge of the network, on servers and on desktops.
As hackers realize this, they've moved their attacks to areas that have less security, specifically web sites that employees have access to. In addition, attacks have become more targeted and in smaller volume. URL's of websites that have malicious content are now emailed to specific targets with personalized emails. Recently, an attack targeted only 500 executives, rather than the widespread mailings administrators are accustomed to with spam. While this one contained a payload, a more recent attack targeting workers at Berkeley Lab targeted employees by asking them to divulge personal information at a website.
What's an IT administrator to do about all these targeted attacks? First, make sure all your anti-virus and anti-malware software is up to date. Second, make sure your users are familiar with phishing and know to check the actual URL's before clicking on any URL's in an email message. Finally make sure you have a security device like a proxy, that knows sites that contain malicious content and blocks those sites. In recent attacks of well known websites, the URL databases of the best proxies had the malicious websites (the URL's embedded into the well-known sites to cause harm) already categorized as malicious and blocked their access by end-users (who were behind the proxy).
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment