If you do not need to run anything, how does this malware install itself? Could it gain administrator rights without actually being run by a user? Thanks for the article!
If the malware needs admin rights and UAC is enabled, it won't be able to run without the user's permission. But some malware doesn't need admin rights, so it's always best to use anti-exploit, white-listing and sandboxing.
None of this will help against a phishing attack where the info is simply gleaned via a return email and thereby hundreds of employees' bank details and social security numbers are delivered to the criminals. This actually happened at my sister's workplace a couple of months ago. Thankfully she was on the ball and able to freeze and block her bank account pronto. No need to install or circumvent anything, really chilling in its simplicity. Regards Eck
The majority of malware creates a startup entry, and after a restart it has admin rights. Scripting can also be used to elevate a process. Disabling VBS and PowerShell protects against 99% of infections, since it is like JavaScript in browsers, and without it there are not many ways to actually do anything.
Correct, but it mentions "Spear Phishing" as a way to get malware on the system, and this malware will be easily stopped by the tools that I mentioned.
The attack is merely someone pretending to be an employee requesting info to be sent via return email. There is nothing actually malicious that needs to be installed for the attack to be successful. As simple as that and very nasty. Regards Eck
I think the article is a bit confusing, because it's supposed to be about malware, but then it mentions the Snapchat attack, where no malware was involved. But I'm talking about stuff like this: https://www.invincea.com/use-cases/attack-techniques/spear-phishing/
Yes, that would explain the "Spear" in the phishing, where the sensible security measures as you mentioned would more than deal with it. Regards Eck