How to keep viral memes from spreading malware in your enterprise

STOP! Infected Pokemon Go, games and memes are spreading malware.

Perhaps the worst news about Pokemon Go is how attackers are using it to spread malware. This is not the first time bad-guy hackers have leveraged the popularity of games to spread malicious software. Viral memes spread malware, too, via drive-by attacks as people visit malicious sites that draw them by hosting or linking to the internet-based cultural sensation.

Users assume that games and meme sites have integrity. This makes it easy for the hackers to push compromising software onto consumers’ phones and computers and into your organization. Cyber thugs also use man-in-the-middle attacks on game apps to take control of mobile devices and launch attacks on the enterprise.

CSO shares the process attackers use to slip inside the enterprise through memes and games together with enterprise security policies and enforcements that help ensure the next viral internet craze doesn’t lead to malware playtime inside your organization.

Attackers enter games in a couple of ways. When they see users swiftly adopting a game such as Pokemon Go, they download a copy, decompile it, add malware, recompile it, and publish it on fake and third-party app sites for unsuspecting consumers to download and use. “When the user downloads the app, it installs a Trojan or other malware variant that gives attackers complete control of the device along with a mechanism for tracking and extracting personal information such as passwords and payment information,” explains Philip Casesa, Product Development and Portfolio Management, (ISC)2. Attackers can increase their dwell time on the device by allowing the game app to function normally despite the malware.

Attackers lure victims by making the cloned games available in parts of the world where the game’s vendors have not yet released the genuine item. “While the U.S. population was capturing Pokemon, the U.K. market still had no official release date. This resulted in more people attempting to bypass the relative safety of managed app stores to obtain the software, by jailbreaking their phones,” says Casesa.

These hackers also infiltrate game apps that are already in use. According to Bob Palmer, a vice president with SAP NS2, attackers gain access on a communications protocol level using a man-in-the-middle attack that intercepts the handshake between the game app on the device and the game vendor’s server.

In either case, attackers can then manipulate the privileges the user granted to the app to extract usage data and personal information including passwords in order to control the device’s behavior and make it do things it would not normally do, according to Palmer. “They can get the smartphone to send an email with a malware payload into the corporate network hoping someone will open it.”

As for memes, malicious websites host viral videos, posts, and images to draw people in, and then the site automatically passes malware onto the user’s device. “The user doesn’t need to actively download anything or engage in other risky computer behavior. Simply visiting the infected website can cause malware or ransomware to exploit vulnerabilities in the operating system or browser,” says Casesa.

“Once an attacker has personal information like passwords they can go after email accounts, which can enable access to other accounts. Where people reuse the same password, attackers can access employee bank accounts as well as work accounts,” explains Casesa.

Using work credentials, attackers explore and exploit whatever systems the user has privileges on. “Attackers can use access to these systems to spread more malware, collect additional data, and pick up credentials for more systems,” says Casesa.

Enterprise preparations, policies and enforcements

Stringent policies are unavoidable where the security of enterprise data and the productivity and safety of employees are concerned. “Mobile policies can ban certain apps and jailbreaking or side-loading of software,” says Casesa. When employees understand why this is necessary, it should be easier to get them to comply.

You need to use education programs that grab your employees’ attention and engage them while teaching them the risks of memes and games as well as your policies pertaining to such sites and applications. Programs need to identify official app download sites while pointing out the earmarks of unofficial and known bad sites so that your people can tell one from the other. You need to confirm that they understand, and you need to verify a change in their behavior after the training as well.


There are other benefits to successful security education. “A knowledgeable workforce is often the first and best line of defense because they can spot risks and report them to the proper teams before these lead to damage,” says Casesa. Rewards systems typically work well for reinforcing healthy employee behavior in response to security risks.

Even with a successful rewards program, it is necessary to apply technology to reinforce policies. By using technologies including mobile device management (MDM), mobile application management (MAM), and enterprise mobile management (EMM) as well as network access control (NAC) and endpoint security, and by layering compatible approaches, the enterprise can enforce strong policies and take a strong stance against malware. First ask your existing device and software vendors about available tools.

Then you can automatically block device or even user access to corporate networks once these mobile technologies detect behavior that goes outside the security policy. Remember, if you block only the device, the user may still have it synced with other devices, and the malware may enter through one of these other devices that you have not blocked.
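An added example, not from the CSO article or any vendor product, of the enforcement logic described above: an MDM/NAC-style check over constructed device records that blocks devices violating the mobile policy (jailbroken, side-loaded or banned apps) and then, because the user may have other devices synced with the offending one, extends the block to every device enrolled to that user. The installer ids and package names are assumptions.

```python
# Added example, not from the CSO article: an MDM/NAC-style policy check over
# constructed inventory records. It flags jailbroken devices and side-loaded
# apps, then extends the block to the offending user's other (possibly synced) devices.
from dataclasses import dataclass

# Assumption: installer package ids as an MDM agent might report them.
OFFICIAL_INSTALLERS = {"com.android.vending", "com.apple.AppStore"}
BANNED_APPS = {"com.example.game.clone"}  # constructed placeholder package id

@dataclass
class Device:
    device_id: str
    user: str
    jailbroken: bool
    apps: dict  # package id -> installer package id (constructed)

def violations(dev):
    """List the mobile-policy violations found on one device."""
    found = ["jailbroken"] if dev.jailbroken else []
    for pkg, installer in dev.apps.items():
        if pkg in BANNED_APPS:
            found.append(f"banned app {pkg}")
        elif installer not in OFFICIAL_INSTALLERS:
            found.append(f"side-loaded {pkg} via {installer}")
    return found

def decide_blocks(devices):
    """Map device_id -> reason for every device to cut off from the network.
    The same user's other devices are blocked too: malware may arrive via sync."""
    blocked = {}
    bad_users = set()
    for dev in devices:
        found = violations(dev)
        if found:
            blocked[dev.device_id] = "; ".join(found)
            bad_users.add(dev.user)
    for dev in devices:
        if dev.device_id not in blocked and dev.user in bad_users:
            blocked[dev.device_id] = f"user {dev.user} has a non-compliant device"
    return blocked

# Constructed sample inventory: alice side-loaded a cloned game and owns a
# compliant tablet; bob is clean; carol's phone is jailbroken.
INVENTORY = [
    Device("phone-1", "alice", False, {"com.example.game.clone": "com.example.altstore"}),
    Device("tablet-1", "alice", False, {"com.example.mail": "com.android.vending"}),
    Device("phone-2", "bob", False, {"com.example.mail": "com.apple.AppStore"}),
    Device("phone-3", "carol", True, {}),
]
```

Calling `decide_blocks(INVENTORY)` blocks alice's phone and tablet and carol's phone, while bob's compliant device stays on the network.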

Additional security for risky memes and games

There are many reasons to delay software patches, including the need to test them for flaws, the fact that a patch may make the patched software incompatible with other software and applications, and the fact that this incompatibility may break a vital app that serves the needs of your core business. However, you need to weigh these risks against the risk of malware entering through unpatched vulnerabilities.

If you can automate testing for patched software in a sandbox and then schedule it for limited production use on a certain set of servers before fully deploying it, you can establish some sort of routine, relatively swift patching program to close those holes while maintaining the integrity of the production environment. If a patch does break a critical application, you will have to weigh the opportunity cost of updating the application and perhaps software with dependencies against the likelihood and severity of the security threat from the unpatched hole.

Hardening endpoints costs little more than the time and effort it takes to set the configurations that do so. “Aggressive patching and hardening of these machines goes a long way toward reducing the risk of infections that can provide attackers with a foothold into the organization,” says Casesa.

All the technology in the world won’t stop malware from waltzing into your company if employees do not willingly make themselves extensions of the security team. By using ever more positive, rewarding programs to draw employees into the security battle, you can begin to keep them from being extensions of an attacker’s team instead.
