Following the news about the Spotify that has been caught pushing malware-infested adverts out to users of its free desktop version?
Initially thought to have only affected Windows 10 operating systems, the issue has subsequently been reported on othersincluding Ubuntu and MacOS, causing users to flood forums and Twitter with complaints. Rahul Kashyap, EVP and Chief Architect at Bromium commented below.
Rahul Kashyap, EVP and Chief Architect at Bromium:
“We’ve seen an increase in malvertising of this kind. Last year, our threat sensors found over a quarter of the Alexa 1000 websites were delivering malware via malicious advertisements. This is something that enterprises need to think about, as users see their desktops as personal devices. Threats like these will always find their way into the corporate network. Unless you completely lock down user’s desktops, which isn’t practical, you will always experience user-introduced vulnerabilities.
“Instead of trying to change human behaviour, companies should accept that users are always going to be the weakest link in the security chain. The trick is to contain the threat, so the enterprise isn’t placed at risk. The ideal way to do this is to shrink the attack surface by isolating the endpoint so doing things like clicking on links or downloading documents is contained. Then, even if that action introduces malware, it can’t go beyond that point.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.