Embedded Malware: Account Takeovers Multiplying
Robert McGarvey recently covered the topic of account takeover attempts in his regular column in the Credit Union Times. Michelangelo Sidagni, NopSec’s Chief Technology Officer was quoted, “This is a fast-growing problem.”
Phishing and account takeovers are a really scary prospect. And as Mr. McGarvey outlines in his article, both the frequency and sophistication of the attempts are on the rise. I’ve personally been a victim of embedded malware disguised to look like a Java update. Luckily I was able to recognize it and remedy the issue before any serious damage occurred.
How account takeovers work
How vulnerability management helps
There are multiple facets to protecting users from these type of attacks. Because phishing intersects both technology and human nature, there is no silver bullet. Mr. McGarvey discusses some of the monitoring practices being employed by financial institutions. From NopSec’s perspective, eliminating the exploitable IT security vulnerabilities on infrastructure (such as networks and domain controllers) and applications (such a web applications that are public facing) is a way to combat the issue and limit risk.