Diving into Cyber Threat Intelligence
A recent McAfee Labs report sheds light on cyber security trends and best practices.
Of those who indicated sharing cyber threat and attack information in the March 2016 McAfee Labs Threats Report, 97% reported seeing value in doing so.
Unfortunately, while most agree that there is value in sharing information, the reasons companies give for not sharing information about cyber threats are revealing.
The key reasons why information about attacks is not shared were found to be:
- Over 50% stated company policy prohibits sharing the information
- Over 20% stated that industry regulations prevent sharing
- About 20% are concerned that the shared information would be linked back to their firms
Along with these concerns are ongoing investigations that prevent the sharing of information, since investigators are in pursuit of tracking down and catching the bad guys. Then there are concerns over legality and liability.
Adwind
The report also highlights a second growing concern: the Adwind remote administration tool (RAT), a Java-based backdoor Trojan that targets various platforms supporting Java files. Adwind is propagated through spam campaigns that employ malware-laden email attachments, compromised webpages, and drive-by downloads.
The prevention methods suggested by McAfee Labs to combat .jar malware such as Adwind include the following:
- Keep systems current by applying the latest security technology updates and anti-malware definitions
- Enable automatic operating system updates, or download operating system updates regularly, to keep them patched against known vulnerabilities
- Configure anti-malware software to automatically scan all email and instant-message attachments
- Make sure email programs do not automatically open attachments or automatically render graphics, and turn off the preview pane
- Configure browser security settings to medium level or above
- Use great caution when opening attachments, especially when those attachments carry the .jar, .pdf, .doc, or .xls extension
- Never open unsolicited emails or unexpected attachments -- even from known people
- Beware of spam-based phishing schemes; don't click on links in emails or instant messages
All of the above recommendations involve human behavior, and changing behavior isn't always easy. Even keeping IT staff to the standard of patching and updating won't solve the security issues because users still continue to click away unknowingly. Some IT folks will even avoid patch and change initiatives in hopes of temporary stability.
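Because the recommendations above lean on user behavior, the attachment-scanning item is the one most easily automated. The sketch below is an added example, not taken from the McAfee Labs report: it parses a raw email, flags attachments with the extensions listed above, and also detects JAR content by structure, so a renamed .jar is still caught. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article singles out for extra caution.
RISKY_EXTENSIONS = {".jar", ".pdf", ".doc", ".xls"}

def looks_like_jar(payload: bytes) -> bool:
    """True if the bytes are a ZIP archive holding a JAR manifest or .class files."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)

def flag_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that should be held for review."""
    message = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in message.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        extension = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if looks_like_jar(payload):
            # Content wins over the filename: a JAR renamed to .txt is still a JAR.
            reason = "jar-content" if extension == ".jar" else "jar-content-disguised"
            findings.append((name, reason))
        elif extension in RISKY_EXTENSIONS:
            findings.append((name, "risky-extension"))
    return findings

def build_sample_message() -> bytes:
    """Constructed sample: a harmless JAR-shaped ZIP named .txt, plus a fake .xls."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    message = EmailMessage()
    message["Subject"] = "Invoice"
    message.set_content("See attached.")
    message.add_attachment(buffer.getvalue(), maintype="application",
                           subtype="octet-stream", filename="invoice.txt")
    message.add_attachment(b"not a real spreadsheet", maintype="application",
                           subtype="vnd.ms-excel", filename="report.xls")
    return message.as_bytes()

if __name__ == "__main__":
    for filename, reason in flag_attachments(build_sample_message()):
        print(f"{filename}: {reason}")
```

A check like this complements anti-malware scanning at the mail gateway; it does not replace it, since it inspects only file type, not behavior.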