Many employers block access to Facebook, Twitter, and other social media sites in order to keep their employees focused on the task at hand. But now IT professionals might have new reasons to limit access to these popular sites: they come with malware.
VPN Creative reports on a new malware attack – called Trojan.Agent.BDYV – that is popping up on Facebook. The attack looks like a link to a YouTube video. The preview shows a scantily clad woman, which is clearly a tired attempt to lure bored men to click on the video.
Beware Malware: No "Likes" for This Facebook Cyber Attack
A closer look at the way cyber criminals have designed the attack reveals how sophisticated this new Facebook malware is:
- Hackers found a way to fake the number of times the video has been viewed, giving it over 1 million views.
- They used a bit.ly link-shortening tool so users can’t see where they are being directed.
- The video plays for a few seconds, but then a dialogue box tells users to download an Adobe update to continue watching (the malware is in this “update”).
Cyber criminals understand how Internet culture works better than most, which explains why this attack looks exactly like a video users might watch when looking for a distraction.
Facebook and Device Malware Highlight Cyber Risks in BYOD Workplaces
The danger of malware like this is that an entire organization's data can be exposed because one person clicked on the link. Whether it's a link in a spear phishing email or social media malware, cyber attacks are often successful simply because users aren't giving their full attention all the time.
To make matters worse, consider the risks your clients face if they have a BYOD workplace, which allows employees to use their personal laptops, mobile phones, and devices on the work network.
Say an employee brings their laptop home. Their children could use it to log on to Facebook, download apps, and check their email. A 13-year-old isn't exactly the best judge of what a cyber attack looks like. Plus, Help Net Security reports on a new study that shows 1 in 10 Android apps contain malware. If an employee lets their kids download games on their Android device, they're putting your client's business at serious risk.
How IT Consultants Can Get Their Clients to Take Data Security Seriously
Here is a challenge many IT consultants are familiar with: you can tell your clients what to do, but you can't watch over their shoulder to make sure they actually use their devices securely.
Malware on a client's device can lead to a major data breach. Depending on the strain of malware, cyber criminals can steal your client’s logins, harvest their data, spread malicious software to their vendors / business partners, and wreak all kinds of havoc.
To protect your clients (and limit your risk of lawsuits and financial losses), you should do the following:
- Explain BYOD risks to clients. Make sure clients understand the risks of BYOD workplaces, spear phishing campaigns, and other common threats that target their employees.
- Keep antimalware and other software up to date. Every day your clients wait to download a patch or update leaves them exposed to cyber attacks.
- Mitigate your risks. This includes carrying insurance to cover the cost of an IT lawsuit.
Errors and Omissions Insurance can help you address your liability in lawsuits over malware attacks, data breaches, and other cyber security problems. You might be wondering how you can be sued if a client's employee clicks on a malware link, so let's look at your IT liability.
If malware infects a client's network, they can sue you – even if their employee accidentally downloaded it. As a network security consultant or IT contractor, you install security software that is supposed to protect clients from malware. If this software doesn't stop a new attack, clients can sue you. In addition, they can allege that you failed to inform them about and protect them from certain risks (like a BYOD workplace).
To learn more about the cost of insurance to protect you from cyber security lawsuits, see these sample E&O insurance quotes for tech contractors.