New Threats and Security Trends – CompTIA Security+ SY0-401: 2.6

The security landscape is constantly changing. In this video, you’ll learn about some of the latest threats and emerging security concerns.


There are also some bad threats out there that your end users need to be aware of. One obvious one is viruses. There are thousands and thousands of new viruses every week, and it’s very, very difficult for a single anti-virus program to catch all of them. Many organizations will put anti-virus at their gateway, on their email servers, and, of course, on their end user workstations and their servers. They’ll often mix and match anti-virus from different manufacturers in an effort to filter out as many of these viruses as possible. Obviously, we’re going to need new technology for dealing with viruses someday. We’re approaching the maximum capabilities of what we can do with anti-virus, so we’re slowly working towards new technologies and new ways to identify some of these viruses.

Another very common threat these days is phishing, where you may be presented with a page that looks just like a login page for your intranet, or a login page for Facebook or for Twitter. You type your credentials in so you can log in, but, of course, in phishing it’s not really Facebook. It’s not really Twitter. It’s not really your corporate intranet. You’re typing this information directly into the bad guys’ web server, and as soon as you type it in, they have your username and password. We have to make people aware that when you’re putting in your username, your password, or any other personal or identifiable information, you need to double-check and make sure that you’re going to that site directly, and that you didn’t just click a link in an email to get there.

Spyware is something that gets embedded on someone’s machine. Maybe they’ve clicked a link, and that link has now put spyware on their machine. Now it’s capturing keystrokes. It’s watching where people browse. It’s gathering other information about what may be inside of an organization. Unfortunately, spyware can also cost you money. If you’re a financial person who’s logging into your bank accounts and moving things around, a keylogger can capture all of that login information and send it back to the bad guys, and then from their side they can log into your bank account and do whatever they like with your money. It becomes an unfortunate situation.

There are also exploits called zero-day exploits. This is when a piece of software you’re running on your computer is vulnerable to a particular kind of attack that, up to this point, nobody knew about. Now, suddenly, the bad guys are taking advantage of that particular vulnerability, and the manufacturer of that software has to come up with a patch. In the meantime, the exploit is active, and people are able to use it against your computer. The only defense against a zero-day exploit is reacting to it very, very quickly, and making sure that you’ve got the patch and the information you need to protect that machine immediately. The longer you take, the longer that exploit will be available to the bad guys.