How Does It Work?
Endpoint-delivered threats usually enter an organisation through:
- an infected user device connected to the corporate network, which then delivers malware that can spread laterally.
- an infected portable device.
- users tricked into downloading and installing malicious software that claims to be antivirus, disk clean-up or other utility software.
Attackers can also plant an infected USB drive in the organisation's car park in the expectation that an employee will pick it up and plug it into a network-connected system. Pulling off such an attack is, however, expensive and considerably riskier for the attacker, especially one operating remotely who needs a trained human asset in the country to carry it out.
Endpoint protection becomes more complicated as users connect their own devices to the corporate network and as more of them work remotely. An organisation has to accept that not all traffic from a user's device will pass through its security controls, and in many cases it has no control over the device and so cannot enforce a particular endpoint security solution on it.
Both opportunistic attackers and those mounting targeted attacks on an organisation tend to compromise user endpoints with socially engineered emails sent to corporate email accounts.
This strategy is cheap and easy to execute: the attacker can run it remotely, send to many users at once, and repeat it at different times.
The 2013 Verizon Data Breach Investigations Report notes that a campaign of just three targeted phishing emails gives the attacker a better than 50% chance that at least one user clicks and has their machine compromised; sending ten all but guarantees at least one click.
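The arithmetic behind those figures is the complement of "nobody clicks". The following is an added worked example, not part of the original page or the Verizon report: it assumes every recipient clicks independently with the same per-recipient probability p (an assumption the report does not state), derives the per-recipient click rate implied by "three emails give better than 50%", and then checks what that rate gives for ten emails. It also generalises to any click rate and campaign size so you can see how quickly small per-recipient rates add up across a user population.

```python
import math


def p_at_least_one_click(p: float, n: int) -> float:
    """Probability that at least one of n recipients clicks, given each
    recipient clicks independently with probability p.
    P(>= 1 click) = 1 - P(no one clicks) = 1 - (1 - p) ** n
    """
    if not 0.0 <= p <= 1.0 or n < 0:
        raise ValueError("p must be in [0, 1] and n must be >= 0")
    return 1.0 - (1.0 - p) ** n


def min_click_rate(n: int, target: float) -> float:
    """Smallest per-recipient click rate at which n emails reach the target
    probability of at least one click. Inverts 1 - (1 - p) ** n = target.
    """
    if n <= 0 or not 0.0 <= target < 1.0:
        raise ValueError("n must be > 0 and target must be in [0, 1)")
    return 1.0 - (1.0 - target) ** (1.0 / n)


def emails_needed(p: float, target: float) -> int:
    """Smallest campaign size n for which P(>= 1 click) reaches the target."""
    if not 0.0 < p <= 1.0 or not 0.0 <= target < 1.0:
        raise ValueError("p must be in (0, 1] and target must be in [0, 1)")
    if p == 1.0:
        return 1  # a guaranteed click needs exactly one email
    # Closed form: (1 - p) ** n <= 1 - target  =>  n >= log(1 - target) / log(1 - p)
    n = math.ceil(math.log(1.0 - target) / math.log(1.0 - p))
    # Correct for floating-point rounding right at the boundary.
    while n > 1 and p_at_least_one_click(p, n - 1) >= target:
        n -= 1
    while p_at_least_one_click(p, n) < target:
        n += 1
    return n


def implied_dbir_figures() -> dict:
    """Reproduce the page's two figures from one implied click rate:
    the rate at which three emails just exceed a 50% chance of a click,
    and the success probability that same rate gives for ten emails.
    """
    p_implied = min_click_rate(3, 0.5)  # about 0.206 per recipient
    return {
        "implied_click_rate": p_implied,
        "p_success_3_emails": p_at_least_one_click(p_implied, 3),   # 0.50
        "p_success_10_emails": p_at_least_one_click(p_implied, 10),  # about 0.90
    }


if __name__ == "__main__":
    figs = implied_dbir_figures()
    print(f"implied per-recipient click rate: {figs['implied_click_rate']:.3f}")
    print(f"P(>=1 click | 10 emails):         {figs['p_success_10_emails']:.3f}")
    # General picture: even modest click rates saturate quickly with campaign size.
    for p in (0.05, 0.10, 0.20):
        row = "  ".join(f"n={n:>3}: {p_at_least_one_click(p, n):.2f}" for n in (1, 3, 10, 50))
        print(f"p={p:.2f}  {row}  (emails for 90%: {emails_needed(p, 0.9)})")
```

The point for defenders is the shape of the curve rather than the exact rate: whatever the per-recipient click rate, the attacker only has to enlarge the campaign to push the chance of at least one compromised endpoint towards certainty, so controls that assume users will never click are not a plan.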
Once compromised, an endpoint can give up a large amount of the organisation's information along with the access credentials that are the keys to critical systems and data. The exposure grows further when the compromised endpoint connects to the network and lets the attacker move laterally to the organisation's other networked endpoints.
The strongest defence is layered: endpoint security controls that look for malicious behaviour and match known signatures, combined with controls that inspect traffic to and from the device. In addition, detecting and blocking email-delivered threats early in the threat's life cycle is a primary strategy for stopping a large volume of endpoint-delivered threats before they reach the organisation.