Malware: It’s Everywhere

Articles about malware infiltrating everything from our ATMs, iOS apps, and baby monitors have been the focus of many tech news outlets as of late. Listed below are some of the more troubling attack vectors that have been exploited in recent weeks.

This past month, ATMs in Mexico were discovered to have malware that enabled hackers to withdraw all the cash from a victim’s account. That malware has yet to make its way to the U.S., however researchers believe that it is only a matter of time as industry officials have stated that it is possible for the same malware code to be used in U.S based ATM machines if they are not adequately protected.

Apple suffered their worst malware attack yet. 50 malware infected apps found their way into the App Store earlier this week, affecting their customer’s iPhones and iPads. While Apple hasn’t confirmed whether this iOS malware has stolen any customer data, they have since removed the infected apps from their store.

Baby monitors and Web-enabled cameras manufactured in China have been recently shown to be loaded with rootkit exploits from the factory and remain vulnerable to web-based malware attacks through their graphical UIs discovered last year.

In a related trend, some of the top baby monitoring and security mobile apps have been shown to be susceptible to the same UI exploits.

With the incoming wave of IoT and mesh enabled devices, we expect an increase in the number of attack vectors and subsequent exploits as developers learn to secure these protocols against more enterprising black hat engineers.

More than 317 million malware signatures (both computer-viruses and other malicious software) were created last year according to Symantec’s 2015 Security Threat Report. That means nearly one million new threats were released each day.

In 2015, “Malware is going to become the tool of choice rather than others because it’s easy to build,” said Paul Christman, VP of Public Sector Software at Dell.

“The level of sophistication for malware is going to become higher and higher and higher. It’s going to become easier to construct malware out of recyclable parts that are generally available via the Internet. From that perspective, the barrier to entry for malware is going to be lower.”

While the more complicated malware attacks are just now emerging publicly, many have been in development for more than half a decade, according to Joe Stewart, the director of malware research at Dell SecureWorks.

The most important thing to note about malware is that users must be knowledgeable, and know how to navigate the landscape of fake ads and buttons, to keep safe. Following basic cyber security tips such as keeping your software up to date, using unique passwords, and thinking before clicking on suspicious links can prevent a majority of malware attacks.

As simple as these steps sound, it’s been proven time and time again to be one of the most difficult things to do. Getting your employees for example, to follow safe cyber practices, can be easier said than done. What could be deemed an innocent visit on Facebook or a favorite news site, could give hackers a launching pad to penetrate a business’ system. It’s safe to say that most people will use their work computer for personal use at one point or another.

Joseph Demarest, assistant director of the FBI’s cyber division says, “The malware used in the Sony hack would have slipped past 90% of defenses today. By taking steps to learn about cyber security, many businesses can take it upon themselves to be proactive and do what they can to protect themselves.”

Axiom engineers agree. Perimeter and physical security are just as important as end-point protection. Often the best line of defense is a combination of continuing education, good software, and constant vigilance.

If you or your organization needs help, feel free to contact us for information on SME and corporate education seminars as well as Axiom’s continuously adapting line of security appliances, Sentinel. #FightBackWithAxiom

About the Author