In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.”

Because the long history of malware and anti-malware protection is often the foundation of most compliance frameworks and approaches to cybersecurity, we’re touching on the topic, including what it is and how it has evolved.

Awareness

The Glupteba Botnet: Threats to Businesses and Consumers

Dec 8, 2021 Continuum GRC 0 Comment

December 7, 2021–the Google Threat Analysis Group (TAG) announced that it has identified and temporarily disrupted the Glupteba botnet responsible for infecting an estimated 1 million computers and IoT devices.

This temporary disruption seems to have slightly impacted the botnet’s operation, but currently, the network is still operational.

Many of us may hear about botnets in the news or our compliance meetings… but what is a botnet? Here, we will cover the topic briefly and discuss the implications of Google’s move against this particular threat actor.

Awareness

What Are Encrypted and Fileless Malware?

Dec 2, 2021 Continuum GRC 0 Comment

Malware is a significant, and continuing, problem. A 2019 Verizon study shows that 28% of all data breaches involve malware, and new forms of malware and ransomware are emerging into the wild almost daily.

The challenge of fighting malware is that hackers are finding new ways to inject programs into systems. Even with advanced compliance and security guidelines in private and public markets, these hackers are working every technical and social angle possible to attack industrial, commercial and defense systems. And, unfortunately, it only takes one malicious program to completely bring a system to its knees. We’ve seen this most recently and publicly with the Colonial Pipeline ransomware attack, which cost the company $2.3M.

In the past 5 years, new forms of malware have emerged. Two of these, encrypted and fileless malware, have become more sophisticated and, thus, more dangerous. These attacks are harder to detect, using our existing security measures and assumptions about malware against us.