Document-Based Malware on the Rise in 2019

Infosecurity Magazine | April 04, 2019

Evolving malware continues to pose threats to business, and new research has revealed a rise in the use of document-based malware since the start of 2019. According to the newest Threat Spotlight from Barracuda Networks, researchers analyzed emails and identified more than 300,000 unique malicious documents, representing 48% of all malicious files detected in the last 12 months. The frequency of document-based malware rose dramatically in the first quarter of 2019, with 59% of all malicious files coming from documents. “For the past couple of years, script files were a very popular attack method. The percentage of these sort of files declined drastically, however, and was a significant source of the increase of documents as an infection method,” said Jonathan Tanner, senior security researcher at Barracuda Networks. Although documents are good for targeted attacks, the document-based malware analyzed were all used in phishing campaigns. However, Tanner said they are used in targeted attacks as well since as a file type they are less suspicious and more common in clean emails than other file types that could contain malware.

Spotlight

Agio, the progressive managed infrastructure and cybersecurity firm, specializing in the alternative asset management space. Their challenge is to meet clients' complex compliance requirements and security needs with a managed service. They chose McAfee to overcome this challenge. They have implemented McAfee Next Generation Firewall (NGFW), network security platform Intrusion Prevention System (IPS) and ePolicy Orchestrator (ePO). The results of implementing McAfee were offers clients a comprehensive solution that meets regulatory compliance standards, protects enterprise networks with intelligent, high performance security and delivers centralized management for greater efficiencies.

Spotlight

Agio, the progressive managed infrastructure and cybersecurity firm, specializing in the alternative asset management space. Their challenge is to meet clients' complex compliance requirements and security needs with a managed service. They chose McAfee to overcome this challenge. They have implemented McAfee Next Generation Firewall (NGFW), network security platform Intrusion Prevention System (IPS) and ePolicy Orchestrator (ePO). The results of implementing McAfee were offers clients a comprehensive solution that meets regulatory compliance standards, protects enterprise networks with intelligent, high performance security and delivers centralized management for greater efficiencies.

Related News

PLATFORM SECURITY

Delinea Onsite Survey Reveals Top Cybersecurity Concern in 2022

Delinea | June 10, 2022

Delinea, a leading supplier of privileged access management (PAM) solutions for seamless security, today released the findings of its own anonymous onsite poll of cybersecurity experts attending this week's RSA Conference at the Moscone Center in San Francisco. The poll of over 100 cybersecurity experts questioned participants about their top cybersecurity worries for 2022, as well as where they stood on cyber insurance and cyber hygiene procedures. Notably, the poll discovered that cloud security (37%) would be the top cybersecurity issue in 2022, surpassing ransomware (19%) and remote employees (17%). According to the poll, 80% of respondents believe their company has not been infiltrated in the last 12 months. This positive effect might be attributed to greater cyber hygiene among workers. According to the poll, 59% of respondents do not use the same password on several accounts, and almost two-thirds (66%) utilize multi-factor authentication (MFA) wherever it is available. "Protecting digital assets in the cloud is becoming priority number one, reflecting a more proactive approach to cybersecurity. As businesses become more reliant on the cloud for infrastructure, application development, and business process automation, security skills and solutions need to keep up. Securing privileged access to cloud infrastructure and workloads before attackers take advantage is imperative." Joseph Carson, chief security scientist and advisory CISO at Delinea Joseph Carson further added "Passwords should never be the only security control for accessing critical systems, applications, and privileges. By implementing MFA controls, it adds an extra layer of protection, should an attacker be able to compromise a password. MFA should be required not only at system log-in, but also at the point of horizontal and vertical privilege elevation."

Read More

SOFTWARE SECURITY

McAfee and Telstra Partner to Bring Privacy, Identity and Security Solutions to Customers Across Australia

McAfee | July 11, 2022

Today, McAfee Corp., a global leader in online protection, announced a multi-year partnership with Telstra, Australia’s leading telecommunications and technology company, to deliver comprehensive protection to safeguard the privacy and identity of consumers across activities, devices, and locations. The partnership will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. “A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks. “As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers.” Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online. “In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.” To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after. About McAfee McAfee Corp. is a global leader in online protection. Focused on protecting people, not just devices, McAfee’s solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protect their families and communities with the right security at the right moment.

Read More

DATA SECURITY

Cyware Achieves SOC 2 Type 2 Compliance for Data Security

Cyware | June 24, 2022

Cyware, the industry's leading provider of the technology platform for building Cyber Fusion Centers for businesses and threat intelligence sharing for ISACs and ISAOs, announces the successful completion of the System and Organization Controls (SOC) 2 Type 2 Audit for the trust services criteria relevant to Security ("applicable trust services criteria") set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Integrity, Confidentiality, and Integrity, Confident (AICPA, Trust Services Criteria). The result demonstrates the company's dedication to the highest levels of data protection. The American Institute of Certified Public Accountants (AICPA) developed SOC 2 as a reporting framework that establishes guidelines for Software-as-a-Service (SaaS) enterprises that manage customer and user data. The accreditation confirms that the organization's internal systems and controls are in ongoing conformity with the SOC 2 audit criteria. Schellman & Company, a worldwide-recognized attestation and compliance services provider, performed the audit for Cyware. “Commitment to the highest levels of data security has always been one of our foremost business priorities. The SOC 2 Type 2 certification process is not easy to achieve but our team was fully committed and prepared to ensure we check all the required boxes. The new milestone will further strengthen the confidence of our current and future customers in our robust compliance with industry benchmark data security standards including SOC 2 (Type 1 and Type 2) and ISO/IEC 27001:2013.” Anuj Goel, CEO, Cyware Cyware unifies previously compartmentalized security operations, allowing firms to more efficiently automate and exchange threat data, as well as cooperate on threat response inside their security divisions and with other enterprises within their network.

Read More