Who’s watching you? Spyware
Managing Director, Security, APJ
Spyware is really as bad as it sounds and attacks are on the rise. While their impact can be devastating for an individual or organization, they are often underestimated as a serious threat.
From an organization’s point of view, spyware poses a huge potential security risk – stealing user and company information that is confidential and sensitive. It can also weaken the security posture of devices and allow third-party access. This means an attacker can fully control your devices remotely. On top of this, spyware can increase malware infections. Once a user is infected with spyware or adware, they are vulnerable to even more attacks.
Spyware vendors promote their services as legitimate software tools. We call these potentially unwanted applications (PUAs). Even though such vendors say they are providing useful services and abide by end-user license agreements, their products are still spyware at the end of the day. And spyware is nothing more than malware. It collects and transmits your sensitive data without your knowledge.
In our latest Midyear Cybersecurity Report, we put spyware into three broad categories – adware, system monitors and trojans. Our Cisco researchers also studied the network traffic of about 300 companies from November 2016 to March 2017 to determine what types of spyware families were present in organizations and to what extent. Through our research, we found that three spyware families were present in a shocking 20 percent of the 300 companies sampled. These spyware families were: Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker. But there are hundreds of spyware families, and just by scratching the surface it is clear that spyware infections are rampant in many organizations.
Spyware companies often sell or provide the data they collect illegally to third parties, magnifying the damage. The worrying thing is that spyware is not always considered a significant security risk, despite many high-profile cases that have caused serious damage. These have included a popular VPN and a DNS changer, both apparently legitimate providers. The information they steal can be used to identify critical assets, map internal infrastructures and plan targeted attacks. Organizations cannot afford to ignore these major threats, and spyware infections must be dealt with swiftly.
To help protect their organizations, security teams must maintain active awareness of spyware and determine what information is at risk. Attackers are dynamic and are always looking for new scams and ways of breaching networks. Teams should take the time to develop a playbook for how to fix spyware, adware and riskware infections when they happen.
Taking it a step further, all end users should be educated about the risks of PUAs. Before accepting any end-user license agreements, they should scan the sections on how individual and corporate information will be collected, stored and shared. Spyware masquerading as a PUA is a major security risk and should be dealt with accordingly. It is malware that can open the door to a host of infections that will cripple an organization.
Unfortunately, the spyware problem is continuing to grow as attackers build more malicious capabilities into their software. They also rely on the lethargy of organizations that fail to take the threats seriously and implement preventative action. Being able to spot threats quickly will help win the war against such attacks. Our Midyear Cybersecurity Report shows how we have brought our average time to detection (TTD) rates down to about 3.5 hours. Additionally, from a technology perspective, our industry-leading Advanced Malware Protection (AMP) continuously analyzes file activity across your extended network, so that you can detect, contain, and remove advanced malware quickly.
Source: Cisco 2017 MCR