Cybercriminals are increasingly targeting corporate employees who use free Web tools to access corporate systems. Social-networking sites are the most popular places for hackers to gather personal data for usernames and passwords.
The most popular sources are AOL, Yahoo, MSN instant messaging, Yahoo Mail, Hotmail, Gmail, MySpace and Facebook: the free tools that you’ll find open on millions of workplace PCs.
Many government and financial services firms block access to YouTube and other popular websites on work computers. But some organisations pay little heed to how employees use free Web programs; only a small minority actually pay for secure alternatives.
Most customised business applications used in commerce and government continue to be created with functionality, not security, as the top specification.
Randy Abrams, director of technical education at ESET, describes corporate data as “existing in a state of anarchy,” moving haphazardly about company networks with too few protections. “The bad guys are aware of this,” says Abrams. “Right now, there is little stopping them from moving data to places it should not be going.”
Criminal groups are turning data raided from corporate networks into cold, hard cash. Last week, workers at a corporate technology enterprise saw a notice on its trustworthy internal website that prompted them to click on a link. Upon doing so, they infected their computers with a virus that shut down their antivirus protection and spread across their entire network of over 300 computers. It then copied the contents of their My Documents folder and transmitted them via the internet to a gang of hackers located abroad.
ESET recommends that companies assess potential threats to their data and have a defensive strategy in place, with regularly updated multi-layered protection (firewall, antivirus, anti-spyware and anti-spam), to counter new threats as they emerge.