We recently heard about a Trojan that uses job applications as a means for spreading malware. As our company is looking to hire more people in the coming months, our security team is worried we could be a target. Are the defenses against such targeted attacks roughly similar to those against other social engineering attacks (e.g., employee awareness), or are there other tactics we can also use?
The FBI issued a warning Jan. 19, 2011, about attacks using the Bredolab Trojan to target businesses advertising job postings. Job searching systems have been vehicles for malware attacks and phishing previously, such as in the USAJOBs attack from 2009. The best defenses against attacks using the Bredolab virus-spreading Trojan are similar to those used against other social engineering attacks or malware.
One of the recommendations in the FBI warning is to check all email attachments for viruses prior to opening them. This is sound advice when you need to open attachments from people you do not know, but, given the current state of antivirus software, you may want to ensure you are using multiple antimalware products when performing these checks to minimize the chance that targeted malware goes undetected. You may even want to have this check done automatically on the resume submission system so the resumes are scanned before users can even open the files.
There are other tactics that could be used to secure the system of the person initially receiving resumes. Some potential defenses include automatically converting files to different formats, such as Word documents to PDFs and PDFs to JPGs. Converting the document to a different format can prevent, for example, an attack from exploiting a flaw in Word because the file will be running in your PDF reader, or an attack on your PDF reader because the file will be running in your image viewer. Once the converted resume has been manually reviewed, the original source could be used with caution. Also, for businesses that search resumes for keywords prior to review, the parsed document could be used for the initial review before using the original source. You could also open files on a terminal server or virtual machine to determine whether any particular file is malicious, as this would prevent it from having access to the local system or, potentially, to the network, should it be infected with malware.
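One way to automate a pre-open check on the resume submission system, shown here as an added example that is not part of the original answer: each upload is routed to reject (type mismatch), sandbox (active content, open only in an isolated VM) or convert (produce the converted copy for review). The function names, route labels and accepted file types are assumptions, and the check complements antimalware scanning rather than replacing it.

```python
import io
import zipfile

# Leading bytes of the formats this (hypothetical) resume portal accepts.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",                      # OOXML is a ZIP container
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy OLE2 container
}
# PDF names that run actions or carry attachments when the file is opened.
PDF_ACTIVE = (b"/JavaScript", b"/OpenAction", b"/Launch", b"/EmbeddedFile")


def triage(filename, data):
    """Return (route, reasons); route is 'reject', 'sandbox' or 'convert'."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return "reject", [f"extension {ext or '(none)'} not accepted"]
    if not data.startswith(MAGIC[ext]):
        return "reject", [f"content is not a {ext} file"]
    reasons = []
    if ext == ".pdf":
        reasons = [f"PDF contains {t.decode()}" for t in PDF_ACTIVE if t in data]
    elif ext == ".docx":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "reject", ["corrupt OOXML container"]
        if any(n.endswith("vbaproject.bin") for n in names):
            reasons.append("VBA macro project present")
    else:  # .doc: macros cannot be ruled out without parsing OLE2 streams
        reasons.append("legacy binary Word format")
    # Active content goes to an isolated VM; everything else is converted.
    return ("sandbox" if reasons else "convert"), reasons


def make_docx(members):
    """Build a constructed, in-memory ZIP standing in for an uploaded .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":  # constructed uploads, not real resumes
    print(triage("cv.docx", make_docx(["word/document.xml", "word/vbaProject.bin"])))
    print(triage("jane.pdf", b"MZ\x90\x00 constructed executable header"))
```

The byte-string search does not see PDF names hidden inside compressed object streams, so a "convert" result means only that nothing obvious was found.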