2011 social media malware trends
Post on 26-May-2015
Social Media as the Top Malware Delivery Vehicle:
How to Protect Your Network
Presented by Paul Henry
Security and Forensic Analyst, Lumension
MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFA, VCP, SANS Institute Instructor
Should I allow network users to access social media?
• Impact on productivity
• Lack of control
• Compromise of security
The New World of Social Media Malware
• Attacks are no longer limited to those who post a wealth of private information online
• Hackers now leverage advanced techniques
  – Click jacking
  – Spear phishing
  – Password sniffing
Click jacking
• Click jacking attacks are regularly going viral on Facebook
• Be careful with that ever popular “like” button
Spear phishing
• Phishing now makes up 23 percent of all attacks in the realm of social media
Password Sniffing
• People often share passwords across multiple accounts
  – It may be a complex password but if shared across multiple accounts it increases risk
• Just as importantly, what about your secret questions used to reset your password?
Surfing Unencrypted
• Users think nothing of surfing social media sites via open, unencrypted WiFi
  – You are exposing your account username and password often
• Are you using that password across multiple accounts?
• A bad guy can harvest your secret questions once he/she is able to access your social media accounts…
  – Why guess the password when he/she can reset it to the password of his/her choosing?
So What Can You Do?
• Educate users
• Put policies in place
• Patch, patch, patch
• Leverage an endpoint security solution
User Education
• Ensure site visits are encrypted
• Pay attention to what is displayed in the browser bar
• Don’t share personal information, such as birth date or address
• Don’t trust people you don’t know
• Password credentials
User Policy
• Lay out usage policies, such as:
  – No downloading content from social media sites
  – Use your personal email (rather than work email) for access
• Even better, put tools in place to enforce these policies
Deploy Patches
• The top security priority is patching client-side software (SANS Institute)
• Don’t focus on Microsoft alone
  – More than 2/3 of today’s vulnerabilities come from non-Microsoft applications
  – Check Microsoft, Mozilla and Apple regularly for browser patches
• Look at ALL vulnerabilities (not just critical)
Effective Software
• Multiple Consoles
  – 3-6 different management consoles on average
• Agent Bloat
  – 3-10 agents installed per endpoint
  – Decreased network performance
• AV is no longer enough
• Move away from point products
What You Need
• At the very least, you should be leveraging software that employs:
  – Application control or whitelisting
  – Antivirus
  – Patch and remediation
  – Enforcement of the Rule of Least Privilege
Questions?