Read Time: 2 Minutes
All businesses have something of worth to online criminals, but not all businesses face the same threats.
For the average small or medium-sized company, good security is usually about protecting themselves against attacks that are based on opportunity. The cyber crooks out there want to pick the low-hanging fruit by targeting easy victims.
For larger and politically or socially important businesses, the threat landscape can look totally different, with specially targeted attacks or even governmental spying.
F-Secure’s Threat Report H2 2014 investigated the details of the threat landscape. Let’s look at the dangers for a typical small or medium-sized business, who has nothing of special interest, but will, as said, still have business assets that are interesting to someone.
The fact that vulnerability-leveraging malware is increasingly dominant among detections means that there are a lot of unpatched operating systems and 3rd party applications and software – and these are easy targets. Our earlier studies show that about 80% of TOP10 malware could be avoided with up-to-date software. Yet, software seems to be left unpatched, leaving the business environment open to attacks.
Exploit kits are one form of attack that targets existing vulnerabilities. These toolkits are planted on websites and will exploit vulnerabilities found on a visitor’s device to drop malware on the machine. Reports for these, especially for the AnglerEK type have skyrocketed.
Unpatched Java or Windows platforms continue to be common targets even though Java as a platform is no longer as big a target as before.
On mobile platforms, Android is still the number 1 target.
Attacks on social media platforms are also becoming more popular. Kilim malware, which targets Facebook, has already reached the top 10 malware.
With the number of attacks targeting existing software vulnerabilities still increasing, it is more important than ever to keep all your software patched and up to date. Automatic patching tools can make this much easier for your IT admins.