JULY 4, 2014
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
One Document Exploit, Several Targeted Attacks

Security for Home Users
Smarter Living

Security for Business
Endpoint Security Evolution



Security Spotlight

One Document Exploit, Several Targeted Attacks

Tools and patches work very well but an educated team also helps a lot in defending against social engineering—attackers’ most favored means to get into target networks.”



Emails are still the most commonly used means to infiltrate networks and systems. Attackers know and so abuse this fact. But because companies believe emails are still the most secure and convenient means to send and receive business correspondence, problems arise.

Attackers craft contextually relevant emails to entice potential victims to click malicious links or to download malicious files. They often use attachments posing as memos from high-ranking company officials to distribute malicious links or files. They have even started creating exploit templates to make distribution easier and less resource intensive. Some have even started selling these templates to their peers underground. We know this because we’ve seen one particular document exploit used in several targeted attacks.

Patching Holes

Multiple instances where email attachments are used to lure people into downloading malware onto their computers stress just how important application patching is. We’ve seen vulnerabilities with already-existing patches repeatedly exploited in attacks. Unfortunately, however, this isn’t likely to end in the near future.

Educating the Weakest Link

Attackers know that emails work because they are constant communication tools the weakest link in companies—humans—use. As such, they use every possible social engineering lure to exploit vulnerable computers and networks. The more people know about threats, the fewer the chances that attacks will get them to click malicious links or to download and run malicious exploits.

That’s why educating employees on online threats and security is critical. Tools and patches work very well but an educated team also helps a lot in defending against social engineering—attackers’ most favored means to get into target networks. With awareness comes smart decision making. Knowing threats and securing against them by looking at past cases definitely help thwart attacks.

Hardening Systems

Using a comprehensive security solution is critical in protecting against any kind of attack. Companies can also benefit from hardening systems by building their own incident response team and by gathering threat intelligence, alongside penetration testing. These effectively arm companies against breaches. Getting data stolen can hound companies. That’s why they should cover all their bases—educate their employees and harden their systems.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com

  CONNECT WITH US ON: