5 Places Ransomware and Malware Can Hide That You May Never Check

| November 3, 2016

article image
While many cybercriminals complete data retrieval in a matter of minutes or less, others prefer a long-haul approach to harvesting protected information. The recent surge in advanced persistent threats (APTs), ransomware, and other sophisticated crime is an indicator that well-hidden viruses are definitely something to watch out for. Three out of ten organizations believe they were hit by an APT in 2015, according to Galois research. The latest security threats are characterized by their ability to remain undetected for long periods of time on a company's network. In some cases, criminals have gone unnoticed for years. IT pros need to be prepared for a new generation of malware and ransomware that are subtle, but dangerous. Join us as we review where APTs, ransomware, and other sophisticated malware can hide in your network and how to be prepared to protect your organization.

Spotlight

PortSwigger Web Security

PortSwigger Web Security is a global leader in the creation of software tools for security testing of web applications. For nearly a decade, we have worked at the cutting edge of the web security industry, and our suite of tools is well established as the de facto standard toolkit used by web security professionals. The team behind Burp Suite is growing steadily, and we are currently looking for outstanding Java developers to join our core product team. We are genuinely Agile: we rigorously employ TDD; we pair-program on a daily basis; we engage in regular retrospectives and knowledge-sharing sessions; we focus relentlessly on quality; we work on a single code branch that is releasable at all times.

OTHER ARTICLES

Cybersecurity Must Be Embedded in Every Aspect of Government Technology

Article | March 17, 2020

Cybersecurity has never been more important for every level of our government. The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people. Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

Read More

EMAIL SECURITY CONCEPTS THAT NEED TO BE IN YOUR EMAIL INFOSEC POLICY

Article | June 16, 2021

Compliance requirements have become more complex because of the continual evolution of security threats and vulnerabilities. Many organizations fail to create an extensive security program to cover their challenges. Emails are one of the most susceptible channels for cyber-criminals to operate. This is why every organization must pay keen attention to email security policies in cybersecurity. Because emails are prone to cyberattacks, enterprises and individuals must take critical measures to secure their email accounts against unauthorized access. Malicious actors use phishing to trick recipients into sharing sensitive information, either by impersonating trusted contacts or legitimate business owners. Email is still one of the most vulnerable avenues for hackers and cyber crooks. Here are the critical email security concepts that need inclusion into your information security policy.

Read More

A 4 Step Guide to Stronger OT Cybersecurity

Article | April 14, 2020

Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time. Industrial control system (ICS) networks are categorized as high risk because they are inherently insecure, increasingly so because of expanding integration with the corporate IT network, as well as the rise of remote access for employees and third parties. An example of an IT network within a control system is a PC that’s running HMI or SCADA applications. Because this particular PC wasn’t set up with the initial intention of connecting to IT systems, it typically isn’t managed so can’t access the latest operating system, patches, or antivirus updates. This makes that PC extremely vulnerable to malware attacks. Besides the increased cyberthreat risk, the complexity resulting from IT–OT integration also increases the likelihood of networking and operational issues.

Read More

SASE: A NEXT-GENERATION CLOUD-SECURITY FRAMEWORK

Article | November 3, 2020

The ongoing pandemic has forced organizations across the globe to install work-from-home policies. A majority of the workforce in various industries, especially IT, have already adapting to working remotely. With a sudden rise in remote users and growing need and demand for cloud services, a huge volume of data is being transmitted between datacenters and cloud services. This has also given rise to the increased need for network security and a safer means of data transmission. The existing network security approaches and techniques are no longer dependable for the required levels of security and access control. To secure these surging digital needs, Gartner debuted an emerging cybersecurity framework in the form of what it calls SASE.

Read More

Spotlight

PortSwigger Web Security

PortSwigger Web Security is a global leader in the creation of software tools for security testing of web applications. For nearly a decade, we have worked at the cutting edge of the web security industry, and our suite of tools is well established as the de facto standard toolkit used by web security professionals. The team behind Burp Suite is growing steadily, and we are currently looking for outstanding Java developers to join our core product team. We are genuinely Agile: we rigorously employ TDD; we pair-program on a daily basis; we engage in regular retrospectives and knowledge-sharing sessions; we focus relentlessly on quality; we work on a single code branch that is releasable at all times.

Events