Manage Pressing Risks with EPL-Risk.com

A one-stop hub for practical, timely and actionable insights, tools and training that may save thousands of dollars by minimizing potential loss exposures, human resources expenses, training costs, and attorney fees.

Stay on top of current workplace issues, legislation, and employment trends with:
  • Articles, News Briefs, and Checklists
  • Interactive Training Modules
  • Model Handbook with 100+ Template HR Policies, Procedures, and forms

Today's Workplace

Microsoft Exchange Hack: Update Needed ASAP

Patches often fix vulnerabilities that cybercriminals are exploiting. Read why automatic updates are important, especially after the Exchange hack by a foreign agent.

Continue Reading

Malware Rarely Announces Itself But Waits In The Shadows

A newly identified malware on Mac computers that seems active, has yet to execute a payload. Security experts are baffled. Understanding current threats is a key defense.

Continue Reading

Make Sure Your Cybersecurity Investments Provide A Return For Your Organization

It is not enough to spend money on cybersecurity, you must do so effectively. Read more.

Continue Reading
print   email   Share

Malware Rarely Announces Itself But Waits In The Shadows

Cybersecurity firm, Red Canary, recently detected a malware they call Silver Sparrow that has infected about 30,000 Mac computers. At this point, security investigators have been unable to identify the purpose of the malware.

Investigators monitoring the malware say the code checks in with a control server once an hour for instructions but has yet to execute a payload. This leads experts to believe the malware is waiting for some unknown condition to be met before acting.

Another peculiar aspect of the malware is that it contains a self-destruct mechanism that is more often found in high-stealth campaigns. Also, the virus has a version that runs natively on Apple's recently released M1 chip. This has only been seen on one other malware aimed at Mac operating systems and makes it more difficult to discover.

Experts have identified this malware in 153 countries, with most infections occurring in the U.S., U.K., Canada, France, and Germany. Dan Goodin "New malware found on 30,000 Macs has security pros stumped" arstechnica.com (Feb. 20, 2021).

Commentary

Malicious software, or malware, can bring about a multitude of damaging effects on computers and network systems. The mysterious nature of this new Silver Sparrow malware only adds to the unease of security experts.

Staying informed about current threats, and malware in general, is a valuable way to protect network systems from infection. Employers can educate users by implementing weekly or monthly security updates or providing short quizzes and quick facts about system security as a “pop-up” when a user signs onto the network.

Two common misconceptions about malware are that a computer infection will be obvious. In fact, most malware is designed to run undetected for as long as possible, so rarely leaves a trail that can be identified. Also, it is not unusual for cybercriminals to exploit the vulnerabilities of a reputable website and insert malicious files that unsuspecting users could download.

Users also mistakenly assume that cybercriminals would not bother to collect general personal data, like the information they may put on social media. However, hackers find such information invaluable in creating “customized” targeted phishing emails for the purpose of social engineering.

Finally, your opinion is important to us. Please complete the opinion survey: