AUGUST 23, 2013
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
Phishing Attack Targets Chase Customers

Security for Home Users
How to Protect Your Mobile Privacy

Security for Business
Human Factor, the Routine Threat Vector?



Security for Business

Human Factor, the Routine Threat Vector?

Use proactive security technologies that don’t only rely on traditional measures like blacklisting, as threats can now bypass them. Most malware attacks on companies are customized; traditional antivirus solutions aren’t made to detect them.”



In this year’s DEF CON, security researchers unraveled the secrets to hacking home network devices like automation systems. These looming unconventional threats don’t discount conventional threats, which now have major twists. But their modus operandi remains the same—attack the man, attack the machine.

Tools Attack Business Norms

Cybercriminals are interested in the mobile market. The growing number of mobile attacks put businesses at risk of information loss or theft. The Evil FOCA, for example, broke out during DEFCON. It used an existing vulnerability on the IPv6 platform and presented a new tool to exploit it.

Two reasons make tools like this stand out. First, they simultaneously attack both the human and machine factors in networking. Second, though they can be prevented, they’re usually ignored. Researchers agree that failing to configure default network settings is aggravating the IPv6 problem.

The Conscious Business

With a steady flow of conventional and high-risk unconventional threats, businesses need to take a stand to protect themselves. It is not enough to download free antivirus solutions, rely on blacklisting methods, or trust spam filters. Businesses need proactive, custom defense strategies to gain security intelligence and keep cybercriminals at bay.

Here are a few steps that can go a long way when dealing with enterprise attacks:

  • Guard your emails.
    • Keep mobile device security solutions updated to prevent exploits that come via emails and other apps.
    • Implement a comprehensive BYOD policy that protects corporate data sent via emails when using mobile devices and apps.
    • Look at comprehensive mail server security solutions that keep up with the latest spamming, phishing, and other email threats.
  • Amplify antivirus security with more comprehensive solutions.
    • Use proactive security technologies that don’t only rely on traditional measures like blacklisting, as threats can now bypass them. Most malware attacks on companies are customized; traditional antivirus solutions aren’t made to detect them.
    • Amplify your company’s security by ensuring that your employees know how threats get into systems through social engineering lures.
  • Gather security intelligence from your network.
    • Track known targeted attacks’ network patterns, including similar file and challenge requests.
    • Research specific URL parameters and packet headers known targeted attacks and related malware components use.
    • Watch out for common port and SSL communication patterns to know when something doesn’t fit.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com

  CONNECT WITH US ON: