We recently heard about a Trojan that uses job applications as a means for spreading malware. As our company is...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
looking to hire more people in the coming months, our security team is worried we could be a target. Are the defenses against such targeted attacks roughly similar to those against other social engineering attacks (e.g., employee awareness), or are there other tactics we can also use?
The FBI issued a warning Jan. 19, 2011, about attacks using the Bredolab Trojan to target businesses advertising job postings. Job searching systems have been vehicles for malware attacks and phishing previously, such as in the USAJOBs attack from 2009. The best defenses against attacks using the Bredolab virus spreading Trojan are similar to those used against other social engineering attacks or malware.
One of the recommendations in the FBI warning is to check all email attachments for viruses prior to opening them. This is sound advice when you need to open attachments from people you do not know, but, given the current state of antivirus software, you may want to ensure you are using multiple antimalware products when performing these checks to minimize the chance that targeted malware goes undetected. You may even want to have this check done automatically on the resume submission system so the resumes are scanned before users can even open the files.
There are other tactics that could be used to secure the system of the person initially receiving resumes. Some potential defenses include automatically converting files to different formats, such as Word documents to PDFs and PDFs to JPGs. Converting the document to a different format can prevent, for example, an attack from exploiting a flaw in Word because the file will be running in your PDF reader, or an attack on your PDF reader because the file will be running in your image viewer. Once the converted resume has been manually reviewed, the original source could be used with caution. Also, for businesses that search resumes for keywords prior to review, the parsed document could be used for the initial review before using the original source. You could also open files on a terminal server or virtual machine to determine whether any particular file is malicious, as this would prevent it from having access to the local system or, potentially, to the network, should it be infected with malware.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the ...continue reading
RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.continue reading
Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.