Malware On The Rise

Here at Pivot Point Security, we strive to educate our customers however we can. This might be via email, a phone call, on the job, or through the website. In previous articles we’ve shared information on ZeuS, SpyEye and OddJob. We also shared an important alert about fake LinkedIn emails going around the Internet which contain a link to download the ZeuS malware.

Smartphone ZeuS

Just yesterday Marc Silverman, Sr. Security Consultant at Pivot Point Security, found and shared an article from Security Week about ZeuS / SpyEye Source Code being leaked to the public. In Marc’s internal email about this article, he stated, “We can expect a LOT more variants to pop up.”

Marc is right. Knowing that the source code for such a malicious malware is floating around the Internet, it is only a matter of time before we begin to see ZeuS variants surface. In fact, I wouldn’t be surprised if it starts showing up on mobile devices such an Smartphones.

Timing can be perfect sometimes as just today Social Times shared a fantastic Infographic which illustrates the threat of mobile malware. The Infographic, created by BullGuard, is extremely detailed but I want to point out a few notable facts.

• In 2004, researchers found the first case of mobile malware
• In 2010, the first bank-phishing app was identified in an app market.
• In 2011, a Botnet-enabled malware his Android devices and affected about 250,000 users

Mobile Malware Infographic

In the article Social Times article from Megan O’Neill she asks, “Are you protecting yourself from Smartphone hackers?” So are you? When so many businesses rely on Smartphones and mobile tablet devices, the ethical hacker is as needed as always. Yes you can check your settings, adjust your privacy preferences and uncheck desired options. However, as a business, are you implementing the appropriate controls to mitigate the risk of a malware attack through Smartphones? Are you engaging with an independent information security company for appropriate testing each yearly or on a quarterly basis? If the answer is no, then please give us a call to discuss why you should.

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

• Substantiate the net effectiveness of a mature control environment
• Prove to a third party that an environment is secure/trustworthy
• Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
• To validate that significant changes did not have unanticipated results

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

• How to deal with increasing threats
• How to manage multiple regulatory requirements
• How to handle client requests for attestation
• To validate that significant changes did not have unanticipated results

Free Whitepaper: Five Best Practices for SIEM

The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

• Simplify compliance monitoring/reporting
• Vastly improve Incident Detection & Incident Response
• Contextualize event information with other business relevant information

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.