How to Reduce Malware-Induced Security Breaches

Malware has caused the industry to rethink its security best practices, introducing tools such as transaction verification to guard against real-time, man-in-the-middle attacks. Out-of-band authentication mechanisms are growing rapidly in popularity. While it is certain that malware will continue to evolve, Knowledge Center contributor Steve Dispensa offers four simple steps you can take to significantly reduce your malware-induced security breach exposure.

Malware represents one of the biggest, most rapidly changing challenges facing corporate security today. The threat landscape is always evolving and last year was no different. Google reported a doubling of malware sites, and there were troubling reports last summer of a new kind of active, man-in-the-middle (MITM) malware that cost banking customers millions.

In a recent survey of IT professionals, over 32 percent said that malware installed on PCs would pose the greatest external threat to IT security over the next 12 months, and over 16 percent named malware on mobile devices as the greatest threat. Taken together, malware running on PCs and mobile devices was ranked the top threat for 2010 by nearly 50 percent of respondents.

Here is a closer look at the types of malware threats you should be prepared to face this year, as well as four concrete strategies your company can implement to protect against them.

Malware threats

Enterprises have been battling malware for years, but the threats continue to evolve. Among the largest problems for enterprises today is credential harvesting: criminals are deploying increasingly sophisticated malware designed to steal usernames and passwords from legitimate users. This can happen in numerous ways, including malware unwittingly installed by users, browser-based malware and eavesdropping attacks.

For example, in November 2009, a security researcher was able to leverage a bug in the Secure Sockets Layer (SSL) protocol to obtain Twitter users' log-in information in the clear. While an attack on Twitter might seem relatively innocuous, consider how many people also use their Twitter password for online banking or their corporate log-in. How many enterprise users have the same password on Twitter as on their domain? Various forms of malware could set up attacks such as this one in a number of ways.

Another attack vector, recently described against SSL VPNs, uses browser-based malware to log every keystroke typed into the browser. The attack, which leverages the way most SSL VPNs interact with browsers' same-origin policies, could easily lead to users disclosing passwords as they log in to corporate Webmail accounts.

Another malware-related threat is targeted phishing. Increasingly, we have seen criminals single out individuals or groups within organizations to receive carefully crafted phishing e-mail messages. These messages may carry malware to be installed on users' computers, or links to malicious Websites. Either way, the highly targeted nature of these phishing attempts makes them hard for average users to detect. A recent spear phishing experiment involving fake LinkedIn invites was highly successful.

Finally, information theft is the capability of greatest concern in the new generation of malware. Trojans such as Clampi and Zeus actively steal information and can be adapted to take whatever data their operators are most interested in. For example, they can steal usernames and passwords for online banking or, worse, they can be instructed to create hidden transactions that transfer money to "mule accounts" controlled by the attackers. Traditional authentication solutions such as tokens and smart cards are helpless to prevent these attacks, because they prove who the user is without saying anything about which transaction the user actually approved.
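The point above, and the transaction verification mentioned in the introduction, can be shown in a few lines of code. The following is an added example and is not part of the original article or any product it describes. It models a bank that accepts either a conventional one-time password (OTP) from a token, or a code that an out-of-band device computes over the payee and amount the user intended. A Zeus-style trojan sitting in the browser rewrites the transaction in flight. The shared secret, challenge, account identifiers and amounts are all constructed for the example; the function names (`otp_code`, `transaction_code`, `run_scenario`) are the example's own.

```python
import hmac
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    payee_account: str   # destination account identifier (constructed values below)
    amount_cents: int    # amount in minor currency units


def _six_digits(mac: bytes) -> str:
    """Truncate a MAC to a six-digit code a user can read off a device."""
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def otp_code(secret: bytes, counter: int) -> str:
    """Conventional event-based one-time password: it depends on the shared
    secret and a counter only, never on the transaction being approved."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return _six_digits(mac)


def transaction_code(secret: bytes, txn: Transaction, challenge: bytes) -> str:
    """Transaction-bound code: payee and amount are part of the MAC input, so a
    code generated for one transaction is useless for any other transaction."""
    msg = f"{txn.payee_account}|{txn.amount_cents}|".encode() + challenge
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return _six_digits(mac)


def bank_checks_otp(secret: bytes, counter: int, received_txn: Transaction, code: str) -> bool:
    """The bank can only confirm the code is valid and fresh; the transaction it
    received plays no part in the check, which is exactly the weakness."""
    return hmac.compare_digest(otp_code(secret, counter), code)


def bank_checks_transaction_code(secret: bytes, challenge: bytes,
                                 received_txn: Transaction, code: str) -> bool:
    """The bank recomputes the code over the transaction it actually received."""
    expected = transaction_code(secret, received_txn, challenge)
    return hmac.compare_digest(expected, code)


def run_scenario(mitm_active: bool) -> dict:
    """Run one transfer with or without an in-browser trojan altering it."""
    secret = b"constructed-shared-secret-provisioned-to-user-device"
    challenge = b"constructed-bank-challenge-0001"
    counter = 42
    intended = Transaction("ACCT-FRIEND-1001", 5_000)        # what the user typed
    # A Zeus-style trojan rewrites payee and amount before the bank sees them.
    received = Transaction("ACCT-MULE-9999", 250_000) if mitm_active else intended

    # The user's device is out of band: it never sees the infected browser's
    # version of the transaction, only the one the user intended.
    otp = otp_code(secret, counter)
    txn_code = transaction_code(secret, intended, challenge)

    return {
        "otp_accepted": bank_checks_otp(secret, counter, received, otp),
        "txn_code_accepted": bank_checks_transaction_code(secret, challenge, received, txn_code),
        "bank_received": received,
    }


if __name__ == "__main__":
    for active in (False, True):
        r = run_scenario(active)
        print(f"MITM active={active}: OTP accepted={r['otp_accepted']}, "
              f"transaction code accepted={r['txn_code_accepted']}, "
              f"bank received {r['bank_received']}")
```

With no trojan present both checks pass. With the trojan active the OTP is still accepted, because nothing in it ties the user to the payee or amount, while the transaction-bound code fails because the bank's recomputation covers the mule account and inflated amount rather than the transfer the user approved. Real deployments usually also display the received payee and amount on the out-of-band device before the user releases the code, so the user sees the tampering directly; the MAC binding shown here is what makes the code worthless to the attacker even if the user does not look.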