Network Monitoring News – Nov 2016

Nymaim Malware Targets High-Level Managers

A new version of the Nymaim malware family targets high-level managers with attached malicious Word documents and installs ransomware and banking trojans on their machines. Services like ContentCatcher Detonator are a must have, where email attachments are executed in a safe environment so their activity can be reviewed and intentions verified. This puts information about the attachment into the hands of your company’s security administrator. Educating your end users is also an essential safety measure.

El Paso

When dealing with financial requests via email, it is always good to verify multiple times that the vendor and or transactions are legitimate. Verify the accounts on both sides, call the vendor directly and confirm their request. The city of El Paso Texas was scammed out of $3 million through social engineering. A phish! This is happening more and more and is yet another example why user education is so important.

Endpoint Protection

Anti-virus has proven ineffective as of late. It is not that Anti-virus does not work, the AV companies simply cannot keep up. It appears that the next-gen desktop engines are just now being released. On November 1st, 2016 Symantec released their new solution for the desktop called Endpoint Protection 14 and is available now. It looks promising.

Key features include:

• Advanced Machine Learning on the client
• Reputation & Behavioral Analysis,
  • Provides Age, Origin, Association, Frequency.
  • Monitors files while they execute, Tracks 1400 Behaviors and blocks suspicious executables.
• Memory Exploit Mitigation
  • Blocks Zero day exploits against vulnerabilities in popular software.
• Network Firewall and Machine IPS
• Power eraser lets you search for Advanced Persistent Threats
• Application Control
  • Lets you control how applications can execute.
• External Media Control
  • Lets you control what types of devices can upload and or download information.