Thursday, March 18, 2010

There is No Security Patch for Stupidity

At Razorpoint, we spend a lot of time trying to stay ahead of malicious attackers and cybercriminals. We track the newest, most advanced techniques so that we can work with our customers to repel attacks. That's why we were floored by this article:

http://www.businessweek.com/news/2010-02-18/global-hackers-breached-2-400-companies-security-firm-says.html


According to Bloomberg News, "hackers infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period." When we took a closer look at these attacks, we noticed something very interesting:

"The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers. These so-called botnets of computers are deployed to extract login and personal information related to e-mail, financial and social-networking Web sites."



ZeuS (aka Kneber) is a bot that steals information by keystroke logging. This method of infiltration is over 10 years old and it should not work anymore. Yet it does, because users continue to fall for the same dumb tricks. They open email attachments that they shouldn't. They respond to phishing emails.

ZeuS and other bots now control more than 100 million computers worldwide. ZeuS targets login credentials for online social networks, e-mail accounts, and banking. Anti-virus software may not offer protection. The primary way to prevent infection is to offer training and security awareness so that your employees do not click on hostile or suspicious links in email and on social networks.

Razorpoint knows that the Internet is still a target-rich environment. While there isn't a security patch for stupidity, you can help protect your company by employing our endpoint client protection service (Rz.Endpoint). Additionally, companies should have regular, comprehensive security assessments conducted in an effort to stay ahead of attacks like this.