Top 6 Threats to Enterprise Security

August 29, 2013 12:40 PM

Many red opened locks around one closed blue lock

Maksim Kabakou/Getty Images/iStockphoto

With news of cyberesponiage making headlines, enterprises are taking a closer look at the threats that can impact their business and ultimately their bottom line. McAfee Labs has analyzed the threats of the past quarter for emerging trends, which center on mobile and overall malware. With BYOD becoming ubiquitous, threats that once considered consumer problems are now becoming issues for the enterprise as well. Here are the top six threats to enterprise security.

Wooden horse of Troje to hide people

Targeted Trojans

Attackers use legitimate apps as cover for their malicious code. In the case of KaoSpy, attackers used modified versions of the Kakao talk app and targeting Tibetan activists; this malware is distributed using phishing emails. The malicious spyware collects a large amount of sensitive user information (contacts, call logs, SMS messages, installed applications, and location) and uploads the data to the attackers server. But not all Trojans are so narrowly targeted; BadNews pretended to be a legitimate game app, which in turn collected sensitive user information and sent it to the attacker. As far as BYOD goes, if employees have access to sensitive information, this can be disastrous to an organization.

Mobile Spyware

Mobile spyware, which forwards SMS messages, call logs and location information to the attackers server, has seen a small increase from the previous quarter. For instance, the Android virus Vzw.A downloads a spyware app from the attackers website. Pretending to be a legitimate font installer app, the downloaded spyware forwards SMS messages, call logs and location information to the attackers server.

Spy Deal

Zoonar RF/Getty Images/Zoonar RF

Ransomware

An increasing problem in the last couple quarters, ransomware holds a computer hostage until the victim pays to free it. Samples of ransomware this quarter were over 320,000, more than double as many as last quarter. One reason for its exponential growth is that an ecosystem is already in place to help with services such as pay-per-install on computers that are infected by other malware, such as Citadel, and easy-to-use crime packs are available in underground market.

Phishing

Alex/Getty Images/iStockphoto

Phishing

After peaking during the fourth quarter of 2012, the number of new phishing URLs dropped sharply last quarter, with a modest decrease this quarter. Some of the most heavily targeted companies include Deloitte, Wells Fargo, American Express and JPMorgan Chase.

Hacker downloading information off a computer

Andrey Popov/Getty Images/iStockphoto

Database Breaches

Database breaches have been dominated by vulnerabilities in MySQL, comprising almost 60 percent of all vulnerabilities discovered during 2013. Although database breaches overall have been on the decline since the fourth quarter of 2012, MacAfee says that its too early to deem this a long-term trend.

Magnifying glass focusing on the word Virus on a screen full of alphanumerics

Jonathan Lim Yong Hian

Browser-Based Threats

Browser-based threats, including hidden iframes and malicious Java code, comprise almost three-fourths of the Internets malicious activity. Remote procedure call and SQL-injection attacks, which poison legitimate websites, are the next biggest threats.