{"id":15094,"date":"2015-08-21T17:09:08","date_gmt":"2015-08-21T17:09:08","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4431"},"modified":"2020-02-26T11:02:41","modified_gmt":"2020-02-26T16:02:41","slug":"more-than-antivirus-pt-3-recent-changes-on-the-cyberfront","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/more-than-antivirus-pt-3-recent-changes-on-the-cyberfront\/15094\/","title":{"rendered":"More than antivirus pt. 3: recent changes on the cyberfront"},"content":{"rendered":"<p>Businesses today have to face a much greater challenge regarding cybersecurity than a few years ago, mainly because there are more \u201cpossible attack vectors\u201d to be kept in mind. And definitely more of those who would like to help themselves to other people\u2019s money and data with tools of crookery <a href=\"https:\/\/business.kaspersky.com\/cybercrime-inc-how-profitable-is-the-business\/2930\" target=\"_blank\" rel=\"noopener nofollow\">ready off-the-shelf<\/a>. For instance, just three years ago, few had heard of \u201cadvanced persistent threat,\u201d while today this term, among many others, is firmly rooted in the IT security vocabulary. In this post, we\u2019re going to look at what \u201cthreat landscape\u201d (a new term too, by the way) is comprised of today for businesses. But first\u2026<\/p>\n<p><strong>Time it was and what a time it was\u2026<\/strong><\/p>\n<p><em>The \u201cSmall\u201d malware family: Standard resident viruses are added at the end of .com files (except for Small-114, -118, -122, which are written at the beginning) when loading files into memory. 
Most of the family viruses use commands POPA and PUSHA of 80x86 processors.<\/em><\/p>\n<p>Konstantin Goncharov <a href=\"https:\/\/www.kaspersky.com\/blog\/security-week-digest-33\/9591\" target=\"_blank\" rel=\"noopener nofollow\">pulled that quote<\/a> from the \u201cComputer viruses in MS-DOS\u201d book by Eugene Kaspersky, published in 1992.<\/p>\n<p>A glorious time when all of the then-extant viruses could be described in a reasonably thin book, and were actually the main \u2013 if not the only \u2013 cyberthreat. As shown in the previous post, viruses are far out of the cybercrime world\u2019s focus, and they are not the primary problem today. Perhaps everyone would feel\u00a0better if they were \u2013 except for the criminals, of course, who turned the malicious software into a source of profit.<\/p>\n<p><strong>Threat Landslides: mobile<\/strong><\/p>\n<p>The primary change that took place over the last five years or so is the wide introduction of mobile devices into the business processes, which brought with it a lot of trouble.
While <a href=\"https:\/\/business.kaspersky.com\/byod-practice-developed-still-immature\/4031\" target=\"_blank\" rel=\"noopener nofollow\">Bring Your Own Device<\/a> has become an accepted practice almost everywhere, there are issues.<\/p>\n<p>First, there is a lot of malware for mobiles, especially for Android (up to 99% of mobile malware <a href=\"https:\/\/business.kaspersky.com\/android-financial-attacks-and-current-security-status\/3901\" target=\"_blank\" rel=\"noopener nofollow\">targets this OS today<\/a>). Mobile banking is very popular too, and of course this draws the attention of criminals, who have developed a great number of \u201cthievery tools\u201d to extract banking credentials and get access to others\u2019 accounts, both personal and corporate.<\/p>\n<p>What is more troubling is that only a minority of mobile device users choose to install any security solutions on their smartphones and tablets. Becoming a part of corporate infrastructure \u2013 i.e. being used for working needs \u2013 they also become a potential risk source: risk of both sensitive data loss and\/or hostile infiltration into the corporate infrastructure.<\/p>\n<p>Besides, if a mobile device previously used to store working data and credentials is lost or stolen, a burning question of retrieval or remote wiping emerges so that the sensitive data doesn\u2019t \u201cchange hands\u201d.<\/p>\n<p><em>Counter-action<\/em>: A \u201cjust antivirus\u201d won\u2019t do much good here, even if it is installed on the mobile device (which is rarely the case). What is necessary is a centralized Mobile Device Management solution that keeps the IT staff informed of everything that is going on with the mobile devices within the network.
A more detailed description of the technology can be found <a href=\"https:\/\/business.kaspersky.com\/mobile-device-management-and-device-control-in-kaspersky-endpoint-security\/1082\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<p><strong>Threat Landslides: targeted attacks and APT<\/strong><\/p>\n<p>The rather new concept of APT is somewhat vague. Initially, it referred to sustained hacker groups involved in continuous and persistent attacks against a specific victim. Now, it generally refers to a specific kind of malicious cyber campaign that involves a series of diverse activities with the intent to cause harm or steal important and sensitive information. The groups behind such attacks are now called \u201cAPT groups\u201d.<\/p>\n<p>While initially attacks\/campaigns of an APT level were targeted at various large organizations, including non-commercial and governmental (check out the latest addition, by the way, BlueTermite), this year there has already been a purely criminal bank-targeting APT, Carbanak, as well as a cyberespionage campaign called Grabit hitting specifically small-to-medium companies, and it doesn\u2019t look like it will take long before APTs become a common\u00a0problem for businesses of smaller size.<\/p>\n<p>In fact, APT attackers use the same initial attack methods as other criminals \u2013 phishing, Trojans, exploits for common and 0day vulnerabilities, etc., but, true to the name, they are very persistent.<\/p>\n<p>Take a look at our recent post \u201cWhat is APT and why is it called that?\u201d.<\/p>\n<p><em>Counter-action<\/em>: First of all, it is necessary to plug all possible holes, namely software vulnerabilities, on PCs, servers, and mobiles. Employees should be educated on phishing, how to recognize it, and how not to fall prey to it.
Aside from this, a comprehensive security solution is necessary that is capable of blocking phishing attempts, detecting intrusion attempts, and preventing exploits from being run in the systems, even if there are totally new software vulnerabilities being exploited.<\/p>\n<p><strong>Threats aren\u2019t going away<\/strong><\/p>\n<p>Mentioned above are just a handful of regular issues that\u00a0businesses have to face; there are also many others: not-so-harmless <a href=\"https:\/\/business.kaspersky.com\/spam-and-phishing-in-q1-2015-banks-and-banking-trojans\/4113\" target=\"_blank\" rel=\"noopener nofollow\">spam<\/a>, <a href=\"https:\/\/business.kaspersky.com\/kaspersky-fraud-prevention\/1493\" target=\"_blank\" rel=\"noopener nofollow\">fraud<\/a>, <a href=\"https:\/\/business.kaspersky.com\/ddos-in-q2-2015-evolving-trends\/4377\" target=\"_blank\" rel=\"noopener nofollow\">DDoS attacks<\/a>, <a href=\"https:\/\/business.kaspersky.com\/ten-facts-about-ransomware\/3400\" target=\"_blank\" rel=\"noopener nofollow\">encrypting ransomware<\/a>, which also deserve a \u201cthreat landslide\u201d status. Most likely, new and still unknown threats will emerge during the further\u00a0development of IT. However, a large portion of those are predictable as they depend on software vulnerabilities.<\/p>\n<p>Unfortunately, it doesn\u2019t look like the software flaw \u2013 the actual source of a large part of cyberthreats \u2013 can be beaten any time soon.
Keeping track of all of the business software installed within a company may be a burdensome task, and unless there is an automated solution in place the time lag between the release of an\u00a0urgent critical patch and its actual installation may be quite large. And for the criminals it is a window of opportunity.<\/p>\n<p>An automated patch management tool boosted with automatic updates is a must here; otherwise the infrastructure is exposed for too long.<\/p>\n<p>There are still individuals and businesses who believe \u201ca good antivirus\u201d will solve all potential security problems. But the security threats are growing not just in numbers, but also in complexity. Organizations around the world have to set up equally <a href=\"https:\/\/business.kaspersky.com\/multilayered-defense-against-cybercrime\/2871\" target=\"_blank\" rel=\"noopener nofollow\">complex, multilayered defenses to protect themselves<\/a>. A single-purpose security product wouldn\u2019t be enough.<\/p>\n<p>Antivirus isn\u2019t going away; it is, again, still at the core. But there\u2019s no reason to call modern business-oriented multipurpose security suites, created to protect from a wide range of threats related and unrelated to malware, \u201can antivirus\u201d. Aside from being plain wrong, it creates confusion: Would anyone expect protection from spam and phishing or patch management tools in an \u201cantivirus\u201d? Hardly. Would anyone expect \u201can antivirus company\u201d to provide decent multilayered protection for business infrastructure, which today is so volatile? Nay. That is why today, the more appropriate names are \u201csecurity solution\u201d and \u201csecurity vendors\u201d.<\/p>\n<p>It doesn\u2019t mean antivirus is gone. It\u2019s still there, and plays a major part, but it\u2019s no longer the only part of any modern security solution. There are many more, equally important ones.
<a href=\"https:\/\/www.kaspersky.com\/business-security\/\" target=\"_blank\" rel=\"noopener nofollow\">An appropriate solution comprises them all.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A look at what the &#8220;threat landscape&#8221; is comprised of for businesses. <\/p>\n","protected":false},"author":209,"featured_media":15589,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[1251,2334,2069,422],"class_list":{"0":"post-15094","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-antivirus","10":"tag-more-than-antivirus","11":"tag-threat-landscape","12":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/more-than-antivirus-pt-3-recent-changes-on-the-cyberfront\/15094\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/more-than-antivirus-pt-3-recent-changes-on-the-cyberfront\/9067\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/more-than-antivirus-pt-3-recent-changes-on-the-cyberfront\/15094\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/more-than-antivirus-pt-3-recent-changes-on-the-cyberfront\/15094\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/antivirus\/","name":"Antivirus"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=15094"}],"version-history":[{"co
unt":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15094\/revisions"}],"predecessor-version":[{"id":33552,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15094\/revisions\/33552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15589"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=15094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=15094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=15094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}