This article originally appeared in Information Security Buzz on January 31, 2019.
A file-hosting service is passing around Formbook, an information stealing malware that all starts with a phishing campaign according to researchers at Deep Instinct.
Mike Bittner, Digital Security and Operations Manager at The Media Trust:
“Data breaches happen only to other people until they don’t. FormBook illustrates why there are many parties to share the blame. Companies must understand the prevalence and frequency of these malicious campaigns, and embracing an organizational culture that prioritizes security and privacy. This means beefing up their information security capabilities accordingly, as well as training employees to be wary of malicious campaigns like phishing. If organizations think they haven’t been hit yet, they are either oblivious of attacks or about to fall victim to one. Web app developers must build security and privacy into their products as threats continue to heighten. This will enable them to work on current code issues, while keeping an eye to what future threats might look like. Consumers must also stay up to date with threats that affect them. If they use connected products, they should be aware of the risks they take in exchange for the convenience these products promise. The upshot is that no one can afford to throw caution to the wind in today’s continuously worsening threat landscape.”