A recent NSS Labs Inc. test revealed how the top four Web browsers fair against phishing and socially engineered...
malware attacks. Can you please briefly explain what socially engineered malware attacks are, how they work and what I can do to help my employees recognize and mitigate such attacks?
A Web browser should not be the first nor only point of protection against phishing or socially engineered malware attacks; these attacks are neither dependent on the Web browsers themselves nor easily thwarted by the protections built into the different browsers.
Let's start with phishing. Many users are phished when they are not even using the Web. Most of them are email only (for example, an attack that asks the user to provide usernames, passwords or Social Security numbers). Fortunately, these attacks are becoming somewhat less common.
On the other hand, as NSS Labs reported in 2013 and 2014, a socially engineered malware (SEM) attack is an attack that tricks users into downloading and installing malicious software that compromises the security of their system. For example, this malware could be advertised as something that cleans a computer from viruses but in reality is a rogue malware application, or a malicious program disguised as a browser extension.
The standard antiphishing advice was reiterated in the NSS Labs report: Employee security awareness efforts can be effective in protecting against SEM attacks since the attack is focusing on attacking the human and the human can do the most to avoid the attack. However, security awareness is only one component of protecting an enterprise from phishing attacks. Technical components -- such as using secure browsers, securing systems, monitoring for sensitive data in email, and using the antiphishing tools included in most email systems -- will also help reduce the risk. In addition, multifactor authentication may be one of the most effective security controls to stopping account compromises from phishing attacks.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with ... Continue Reading
Cybersecurity vendor Wordfence reported a rise in scans for SSH private keys that are often accidentally exposed to the public. Learn how to stay ... Continue Reading
The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.