OCTOBER 4, 2013
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
The True Cost of Social Media Post(s)

Security for Home Users
The Ins and Outs of Privacy Policies

Security for Business
Attackers Moving Inside Your Network



Security for Business

Attackers Moving Inside Your Network

Once inside your organization’s local network, attackers will find ways to gain access to other connected computers.”



Once inside your organization’s local network, attackers will find ways to gain access to other connected computers. One way to do this is by Address Resolution Protocol (ARP) spoofing. It allows attackers to steal login credentials that they can use to establish stronger footholds inside networks.

What’s ARP Spoofing?

ARP spoofing isn’t new but it’s a simple and reliable attack tool. It makes computers vulnerable to attackers lurking inside your network. It allows them to steal credentials by sniffing exchanges between connected computers. An ARP spoofing tool also lets attackers deploy known techniques such as injecting invisible malicious iframes into specific sites. These hosted iframes exploit vulnerable computers, giving attackers further access to your network.

ARP spoofing tools can also be used to push malware. Since IT administrators constantly remind employees to update their software, attackers can grab this opportunity to disguise their malware as legitimate software updates that are pushed to employees’ computers.

Knowing Is Half the Battle

You should thoroughly know how your organization’s infrastructure looks. This will let you spot if anything’s amiss. While building internal intelligence and keeping up with network changes are vital, it’s also important to build external threat intelligence. Knowing what’s out there and combining it with what you know about your network, especially its limitations, can help your organization build the best solid defense strategy.

It’s also advisable to use security solutions that can spot malicious communications happening inside your network as well as detect exploits and other suspicious behaviors.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com

  CONNECT WITH US ON: