I just finished reading an article in the June 11, 2012 issue of Information Week titled, “Flame Give Spyware A Next-Gen Update” by Kelly Jackson Higgins. If you haven’t been keeping up on the latest threats to your personal information “Flame” is the most recently discovered malware that has attacked PCs and infrastructure in the Middle East. Actually “Flame” was the predecessor to “Stuxnet” and has been hiding in plain sight for several years. “Flame” is 20 times the size of “Stuxnet” and provides a library of commands for hackers to use to attack PCs and other devices. The library includes commands to extract information from databases and exploit functions such as listening to Skype calls and using Bluetooth communication to monitor your attached devices.
The most concerning part of the article is the mention that “Flame” appears to be aimed at old-fashioned espionage like stealing documents, taking screen shots, snooping emails and recording instant messages. Thus far “Flame” and “Stuxnet” have been used to target specific organizations but experts believe that in the coming months the published code will be used to target a wider range of organizations. This should be a wakeup call to senior management to ensure that they have the proper level of protection at all levels within their IT infrastructure. This means perimeter, device and file-level security. Having up-to-date firewall and malware security may not be enough to prevent your most highly classified files from being compromised. Implementing file security that only addresses certain file types like PDF documents leaves organizations open to the loss of your most valuable intellectual property. Persistent security that covers the widest range of native file formats is the only way to ensure that you have control of information regardless of its location. The organization maintains control not the intruder.
Senior executives should ask one simple question – “How confident are we that we can protect our files from advanced threats such as “Flame”? If your company is in the cross hairs of an overseas competitor or organized crime without persistent file-level security, you will pay the price!
Photo credit Forbes