October 28, 2016
Bogus Encryption Software Downloads Are Delivering Malware
Online security has become increasingly important to rank and file users in recent years, and with good reason. 2015 saw the largest number of hacks and successful data breaches in the history of the internet, and 2016 is on track to surpass it.
Even worse, it’s not just the number of attacks that are increasing, but also, their overall level of sophistication. Today, hackers control vast botnets that are capable of bringing even the most powerful and robust servers to their knees via denial of service attacks. This is but one of the numerous attack vectors open to them.
In response to the growing number of threats users face in the digital ecosystem, encryption software is becoming increasingly popular. However, the hackers merely see this as an opportunity to attack.
By infecting websites that carry popular encryption software, the hackers can launch attacks against users even as they try to get the software they think will protect them. A slight variant of this attack is to create a dummy copy of the popular web portal, and simply offer infected versions of the encryption software that users are interested in.
Unfortunately, most casual users don’t know enough about the internet to be able to spot a fake or spoofed site from a real one, and even if they did, there’s no automatic way to tell if the software they’re downloading is truly safe. Sure, virus checking software can help in this regard, but the companies that make the software are, by definition, in a reactive position, rather than a proactive one. Every time they identify a new threat and update their database, the hackers simply create another threat that can evade detection.
It’s a vicious cycle that places users, and even your harried IT staff behind the curve. They are always on the defensive.
There are, of course, steps you can take to better guard against threats like these. While no digital security is perfect, if you make yourself a hard target, most hackers will move off, in preference for low hanging fruit and less secure systems.
The question, then, is how robust is your current digital security? How much risk are your employees facing?
If you’re not sure, or you’re not comfortable with the current state of your security, contact us today and a member of our staff will be happy to assess your current situation and assist you further.