We recently heard about a Trojan that uses job applications as a means for spreading malware. As our company is...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
looking to hire more people in the coming months, our security team is worried we could be a target. Are the defenses against such targeted attacks roughly similar to those against other social engineering attacks (e.g., employee awareness), or are there other tactics we can also use?
The FBI issued a warning Jan. 19, 2011, about attacks using the Bredolab Trojan to target businesses advertising job postings. Job searching systems have been vehicles for malware attacks and phishing previously, such as in the USAJOBs attack from 2009. The best defenses against attacks using the Bredolab virus spreading Trojan are similar to those used against other social engineering attacks or malware.
One of the recommendations in the FBI warning is to check all email attachments for viruses prior to opening them. This is sound advice when you need to open attachments from people you do not know, but, given the current state of antivirus software, you may want to ensure you are using multiple antimalware products when performing these checks to minimize the chance that targeted malware goes undetected. You may even want to have this check done automatically on the resume submission system so the resumes are scanned before users can even open the files.
There are other tactics that could be used to secure the system of the person initially receiving resumes. Some potential defenses include automatically converting files to different formats, such as Word documents to PDFs and PDFs to JPGs. Converting the document to a different format can prevent, for example, an attack from exploiting a flaw in Word because the file will be running in your PDF reader, or an attack on your PDF reader because the file will be running in your image viewer. Once the converted resume has been manually reviewed, the original source could be used with caution. Also, for businesses that search resumes for keywords prior to review, the parsed document could be used for the initial review before using the original source. You could also open files on a terminal server or virtual machine to determine whether any particular file is malicious, as this would prevent it from having access to the local system or, potentially, to the network, should it be infected with malware.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.