Black Friday and Cyber Monday continue to be spectacles. Brick and mortar stores are now opening on Thanksgiving Day, and Cyber Monday deals are extending through the following week. Amazon.com is getting into the game even earlier, declaring November 1 as the new official start of the holiday shopping season. As these holiday shopping deals begin to appear, more and more workers are shopping online while connected to corporate networks. This puts them at risk to find more than just holiday deals on the web – many will fall victim to holiday malware.
It’s no secret that malware is a growing concern for corporate networks, and increased non-business traffic during the holiday shopping season compounds the issue – especially as major deals and discounts become competitive. The result creates an ideal environment for email and web-based phishing attacks that lead directly to malware.
A prime example is a rise in FedEx and UPS email phishing attempts during the holiday season. We’ve all seen the emails. “Your package has shipped. Click here to for tracking information.” Only, the link doesn’t lead to FedEx or UPS – it leads to malicious malware. These email phishing attempts are prevalent enough that FedEx and UPS both now offers samples of the latest attacks for consumer awareness.
It’s no surprise that security threats increase dramatically during the holiday season and are planned to coincide with Black Friday ads and Cyber Monday shopping. Will your security controls and protocols be ready? To help prepare, keep these four tips in mind:
1 – Signature-Based Antimalware May Not Be Enough
Attackers today morph their malware regularly to allow the same threat to repeatedly get past signature-based antivirus and antimalware solutions. WatchGuard still recommends you use antivirus and antimalware as a layer of defense against high-threshold malware. But, you also need modern antimalware solutions that can catch botnets, Trojans and worms that have never been seen before (without waiting for new signatures). Consider sandbox or payload analysis solutions like WatchGuard’s APT Blocker.
2 – Change Control Lockdown
Many organizations are locking down their change controls even further during Black Friday, Cyber Monday and throughout the holiday season. Some even hold out until February 14 and the Valentine’s Day rush. Reviewing your configuration and making necessary changes now can put you in a better position to handle any malware issues – or even prevent them from happening in the first place.
3 – Block Malware Control Connections
Even if you have great technical defenses, advanced threats can find a way to walk right through them. You need security solutions that can detect malware that has breached your perimeter – tools that can monitor outgoing traffic for malware connections to command and control channels. WatchGuard’s WebBlocker, for example, can prevent advanced malware, botnets, Trojans and worms from reaching their control servers. The result can defang these potentially dangerous threats even after they’ve reached your organization’s computers and network.
Also be sure to review your firewall security policies to find any unexpected traffic leaking through policies. PolicyMap in WatchGuard Dimension provides a quick and easy visual of policy use (and effectiveness) on your network.
4 – Stay Up-to-Date
Review and update your security policies frequently. Security threats appear and evolve rapidly, and malware is particularly slippery during the holiday season. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our blog. Subscribe to receive email updates and you’ll receive each update in your inbox.
Make sure your workforce can make the most out of Black Friday and Cyber Monday without jeopardizing critical network systems and data. Malware is a gift that no one should receive.