Malware Attacks

What do you need to know?

How Malware can infiltrate a company network:Phishing: Emails purporting to be from legitimate sources are often used to lure users into opening files or clicking links that contain malware, giving network access attackers without the computer user's knowledge.Infected USBs: Hackers have been known to leave malware - infected USBs outside targeted company premises, often marked Private or Confidential. Human curiosity means many people will plug them into their company computer and open the files within, bypassing many security defences and letting malware loose in company network.Drive-by-downloads: Malware infections can be caused by an action as simple as visiting a website that hosts malicious code that scans for vulnerabilities in browsers. Even respected websites aren’t necessarily safe, with attackers often inserting their code into advertisements they have bought on legitimate websites.

Join Cisco and ThreatConnect to learn how orchestration enhances malware analysis. Register now!

How does it work?

Malware can infect a computer or network in a variety of ways:

Spyware: software that records computer activity, including sensitive financial information, and transmits without the computer user's knowledge
Keylogger: this spyware records and transmits keyboard and mouse activity on a target computer, allowing hackers to steal passwords or other information
Worms and Viruses: once inside a system, these files can replicate themselves and spread throughout a network, often overloading web servers
Bots: allows attackers to take control of infected systems. Networks of bot computers are sometimes harnessed to wreak even greater damage.
Ransomware: can encrypt all of an infected computer's files, rendering it useless until a ransom is paid

Is your endpoint security continuously monitoring and eliminating malware?

What can you do to protect your organisation?

Cisco Advanced Malware Protection (AMP) not only screens incoming traffic, but uses global cyber intelligence from Talos to identify and block malware before it tries to access your network. AMP identifies and removes malware that’s already infected a network, while retrospective security uncovers the origin of malware.

If, for example, the system detects a Microsoft Word attachment hiding malware, AMP can not only isolate, and remove the malware, but also track where that Word document was sent, to block other attacks.

AMP learns from each threat, incorporating intelligence from Talos to prevent reinfection. Suspicious programs are sandboxed – quarantined and then run in isolation to see if they contain malware.

Keep up-to-date with malware protection

Meet our security engineers and product experts who share insights of emerging malware and the threat landscape on their Security blog.

For more on AMP, click here.