How to prevent ransomware To protect against ransomware attacks, users should regularly back up their computing devices and update all software, including antivirus software. Users should avoid clicking on links in emails or opening email attachments from unknown sources. Victims should do everything possible to avoid paying ransom. Organizations should also couple a traditional firewall that blocks unauthorized access to computers or networks with a program that filters web content and focuses on sites that may introduce malware. In addition, limit the data a cybercriminal can access by segregating the network into distinct zones, each of which requires different credentials.
8. Exploit kits An exploit kit is a programming tool that enables a person without any experience writing software code to create, customize and distribute malware. Exploit kits are known by a variety of names, including infection kit, crimeware kit, DIY attack kit and malware toolkit. Cybercriminals use these toolkits to attack system vulnerabilities to distribute malware or engage in other malicious activities, such as stealing corporate data, launching denial of service attacks or building botnets.
How to prevent exploit kits To guard against exploit kits, an organization should deploy antimalware software as well as a security program that continually evaluates if its security controls are effective and provide protection against attacks. Enterprises should also install antiphishing tools because many exploit kits use phishing or compromised websites to penetrate the network.
9. Advanced persistent threat attacks An advanced persistent threat (APT) is a targeted cyberattack in which an unauthorized intruder penetrates a network and remains undetected for an extended period of time. Rather than causing damage to a system or network, the goal of an APT attack is to monitor network activity and steal information to gain access, including exploit kits and malware. Cybercriminals typically use APT attacks to target high-value targets, such as large enterprises and nation-states, stealing data over a long period.
