Our organization has a high level of turnover, which means there are new users coming in all the time with little-to-no...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
security knowledge. Because of this turnover, we continue to have problems with scareware in particular, as employees are downloading fake antivirus, which then overruns our network. What is the best way to get this stuff out of our organization, considering our security awareness training can't seem to keep up?
While security awareness training is one of the most important aspects of a security program, there are times when technical controls must be put into place to stop or better manage specific security threats. In a situation where there are new employees with minimal security knowledge, it's probably best to rely less on security awareness and to carefully implement the necessary technical security controls. However, you should still ensure you have adequate security awareness training. This training should be about more than how to create a secure password: It should include education on phishing, social engineering and, of course, fake AV malware, among other things.
When it comes to scareware removal, first determine the root cause of the scareware and fake antivirus infections. If users are clicking on links from email and being directed to malicious webpages, becoming infected after clicking on rouge ads, or by other means, the network defenses might be slightly different; however, many of the same host security controls may be the same.
If you have difficulty determining the root cause of the infections, try comparing the security controls or settings of the infected systems with those of systems that are not getting infected, and adjust the infected systems' controls accordingly. If systems are not being adequately cleaned of malware, you may want to try rebuilding them to ensure the malware is completely removed. If you cannot determine the root cause of the infections, you may want to start with additional host security. To identify additional systems that are infected, monitor the network for outbound access to which known infected systems are connecting, or scour potentially infected systems for similar executables as those that are on the known infected systems.
Dig Deeper on Web application and API security best practices
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.